
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1556229
MD5: a77b03795fd546e1ce17a89770416e0a
SHA1: 6473da89e95a6750dfec775ec1805ec025b62ab5
SHA256: 47a3a02bf52254b5776960a68c2f17aa773cb66072843638b19cb582e6ef8409
Tags: exe, Socks5Systemz, user-Bitsight

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Socks5Systemz
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Machine Learning detection for dropped file
PE file has a writeable .text section
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 4888 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A77B03795FD546E1CE17A89770416E0A)
    • file.tmp (PID: 2316 cmdline: "C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp" /SL5="$10448,5263804,721408,C:\Users\user\Desktop\file.exe" MD5: 438F4076E92D3C839405BAB4652FE2CE)
      • net.exe (PID: 6036 cmdline: "C:\Windows\system32\net.exe" pause avidenta_11131 MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 2916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 2344 cmdline: C:\Windows\system32\net1 pause avidenta_11131 MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • avidenta.exe (PID: 2008 cmdline: "C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe" -i MD5: 19F9733DCD58AFF930F87ACDAF4A09FB)
  • cleanup
{"C2 list": ["bfpdiyt.com"]}
Source | Rule | Description | Author | Strings
00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000004.00000002.2940566511.0000000002CD0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Process Memory Space: avidenta.exe PID: 2008 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-15T07:01:00.242697+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:01.314768+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:04.515375+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:04.941518+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:05.993931+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.033028+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.453799+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.867193+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:08.919409+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:10.309793+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:11.386140+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49799 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:12.421187+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:12.838984+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:13.879662+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49812 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:14.942792+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49819 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:15.984449+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49827 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:17.037400+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49835 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:18.075398+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49841 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:19.117047+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49847 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:20.167044+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49854 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:21.205064+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49861 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:22.257797+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49869 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:23.297269+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49876 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:23.711052+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49876 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:25.785358+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49884 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:26.821369+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49896 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:27.885554+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49901 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:28.946667+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49908 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:29.993335+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49914 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:31.173329+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49920 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:31.591943+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49920 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:32.622953+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49930 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:33.652088+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49936 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:34.699887+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49941 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:35.764850+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49947 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:36.194262+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49947 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:37.246639+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49958 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:38.293787+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49964 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:39.346296+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:39.764461+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:40.192382+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:41.244018+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49984 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:42.289569+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49991 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:43.319445+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 49998 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:44.356315+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50004 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:45.444830+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50010 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:46.488109+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:46.907019+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:47.989349+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50027 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:49.027877+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50033 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:50.067439+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50039 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:51.123442+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50044 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:52.159315+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50045 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:53.205252+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50046 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:54.251659+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:54.664781+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:55.710035+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50048 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:56.765029+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:57.197323+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:58.259279+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50050 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:59.297776+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:59.712387+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:00.762607+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50052 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:01.810741+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50053 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:02.934208+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50054 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:05.004821+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50055 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:06.057443+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50056 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:07.112714+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50057 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:08.165551+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50058 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:09.228737+0100 | 2049467 | 1 | A Network Trojan was detected | 192.168.2.4 | 50059 | 185.208.158.202 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-15T07:01:00.242697+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:01.314768+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:04.515375+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:04.941518+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:05.993931+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49761 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.033028+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.453799+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:07.867193+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:08.919409+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49783 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:10.309793+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49789 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:11.386140+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49799 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:12.421187+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:12.838984+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49805 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:13.879662+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49812 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:14.942792+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49819 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:15.984449+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49827 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:17.037400+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49835 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:18.075398+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49841 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:19.117047+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49847 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:20.167044+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49854 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:21.205064+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49861 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:22.257797+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49869 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:23.297269+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49876 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:23.711052+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49876 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:25.785358+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49884 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:26.821369+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49896 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:27.885554+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49901 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:28.946667+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49908 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:29.993335+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49914 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:31.173329+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49920 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:31.591943+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49920 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:32.622953+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49930 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:33.652088+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49936 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:34.699887+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49941 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:35.764850+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49947 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:36.194262+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49947 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:37.246639+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49958 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:38.293787+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49964 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:39.346296+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:39.764461+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:40.192382+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49970 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:41.244018+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49984 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:42.289569+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49991 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:43.319445+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 49998 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:44.356315+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50004 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:45.444830+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50010 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:46.488109+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:46.907019+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:47.989349+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50027 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:49.027877+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50033 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:50.067439+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50039 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:51.123442+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50044 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:52.159315+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50045 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:53.205252+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50046 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:54.251659+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:54.664781+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:55.710035+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50048 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:56.765029+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:57.197323+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:58.259279+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50050 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:59.297776+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 185.208.158.202 | 80 | TCP
2024-11-15T07:01:59.712387+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:00.762607+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50052 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:01.810741+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50053 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:02.934208+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50054 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:05.004821+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50055 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:06.057443+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50056 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:07.112714+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50057 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:08.165551+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50058 | 185.208.158.202 | 80 | TCP
2024-11-15T07:02:09.228737+0100 | 2050112 | 1 | A Network Trojan was detected | 192.168.2.4 | 50059 | 185.208.158.202 | 80 | TCP


AV Detection

Source: file.exe | Avira: detected
Source: avidenta.exe.2008.4.memstrmin | Malware Configuration Extractor: Socks5Systemz {"C2 list": ["bfpdiyt.com"]}
Source: C:\ProgramData\epiAvidenta\epiAvidenta.exe | ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | ReversingLabs: Detection: 66%
Source: file.exe | ReversingLabs: Detection: 28%
Source: file.exe | Virustotal: Detection: 45%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.7% probability
Source: C:\ProgramData\epiAvidenta\epiAvidenta.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Code function: 1_2_10001000 ISCryptGetVersion,1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Code function: 1_2_10001130 ArcFourCrypt,1_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Unpacked PE file: 4.2.avidenta.exe.400000.0.unpack
Source: file.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avidenta_is1
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: msvcp71.pdbx# source: is-PJN23.tmp.1.dr
Source: Binary string: msvcr71.pdb< source: is-2KG4F.tmp.1.dr
Source: Binary string: msvcp71.pdb source: is-PJN23.tmp.1.dr
Source: Binary string: msvcr71.pdb source: is-2KG4F.tmp.1.dr
Source: Binary string: C:\KRAPPYSOFTWARE_CVS\KRAPPYSOFTWARE\Projects\Sparkle_Win\Release\WinSparkle.pdb source: is-E746G.tmp.1.dr

Networking

Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49761 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49739 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49736 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49736 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49761 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49783 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49827 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49835 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49827 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49789 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49783 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49739 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49835 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49847 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49847 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49819 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49772 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49819 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49772 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49841 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49789 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49841 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49812 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49869 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49812 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49896 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49896 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49901 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49869 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49805 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49861 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49805 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49901 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49861 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49964 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49964 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49941 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49970 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49970 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49854 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49920 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49854 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49908 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49920 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49884 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49884 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49908 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49941 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50010 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50010 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49936 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49799 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49799 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49998 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49998 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50045 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50049 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50049 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50017 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50048 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50048 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50017 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50044 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49930 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49930 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49984 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49984 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49936 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50046 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50045 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50057 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50057 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50058 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50058 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50044 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50054 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50046 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50054 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49947 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49947 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50055 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50055 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50052 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50052 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49876 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49876 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50033 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50033 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50050 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49914 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49914 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50051 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50047 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50051 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50059 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50059 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50047 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49991 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49991 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50056 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50056 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50039 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50039 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50053 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50053 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50004 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50004 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50050 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49958 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49958 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50027 -> 185.208.158.202:80
        Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50027 -> 185.208.158.202:80
        Source: Malware configuration extractor, URLs: bfpdiyt.com
        Source: global traffic, TCP traffic: 192.168.2.4:49745 -> 89.105.201.183:2023
        Source: Joe Sandbox View, IP Address: 185.208.158.202
        Source: Joe Sandbox View, IP Address: 89.105.201.183
        Source: Joe Sandbox View, ASN Name: SIMPLECARRER2IT
        Source: global traffic, HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 HTTP/1.1 | Host: bfpdiyt.com | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global traffic, HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1 | Host: bfpdiyt.com | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1Host: bfpdiyt.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: unknown | TCP traffic detected without corresponding DNS query: 89.105.201.183
        Source: unknown | UDP traffic detected without corresponding DNS query: 45.155.250.90
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D772AB Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free,4_2_02D772AB
        Source: global traffic | HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 HTTP/1.1 Host: bfpdiyt.com User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
        Source: global traffic | DNS traffic detected: DNS query: bfpdiyt.com
        Source: avidenta.exe, 00000004.00000002.2939781539.0000000000918000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.208.158.202/405117-2476756634-1002/
        Source: avidenta.exe, 00000004.00000002.2941053362.00000000035BA000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000002.2941031460.0000000003573000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918
        Source: avidenta.exe, 00000004.00000002.2940955119.00000000034F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
        Source: epiAvidenta.exe.4.dr | String found in binary or memory: http://vinylcut.co.za/activation
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://winsparkle.org).
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | String found in binary or memory: http://www.VinylCut.co.za
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#os
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionenclosureurlhttp
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString
        Source: is-E746G.tmp.1.dr | String found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#version
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | String found in binary or memory: http://www.craftedge.com
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | String found in binary or memory: http://www.craftedge.com/activation/createspace
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | String found in binary or memory: http://www.craftedge.com/activation/createspace/activate.php?Dhttps://www.craftedge.com/activation/s
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | String found in binary or memory: http://www.craftedge.com/activation/cut
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/greatcut
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/greatcut/activate.php?Ahttps://www.craftedge.com/activation/sure
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/magiccutdstudio/activate.php?Dhttps://www.craftedge.com/activati
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/magiccutstudio
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/scal
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/scal/activate.php?Dhttps://www.craftedge.com/activation/surecuts
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/activation/smartprint/activate.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/ecal
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/ecal6http://www.craftedge.com/activation/ecal/activate.php??https:
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/ecal_Trial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/scalbridge
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/scalpro
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/scalprobTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchase/smartprint.http://www.craftedge.com/activation/smartprintChttps://
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.com/purchaseUTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.comGTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.comNTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.craftedge.comPTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.easycutpro.com
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.easycutpro.com/store.html
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.easycutstudio.com
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.easycutstudio.com/buy.html
        Source: file.exe, 00000000.00000003.1694588363.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694084191.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000000.1696151531.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-VPILF.tmp.1.drString found in binary or memory: http://www.innosetup.com/
        Source: file.exeString found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.pss.co
        Source: file.exe, 00000000.00000003.1694588363.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694084191.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000000.1696151531.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-VPILF.tmp.1.drString found in binary or memory: http://www.remobjects.com/ps
        Source: epiAvidenta.exe.4.drString found in binary or memory: http://www.signwarehouse.com
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.signwarehouse.comRTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.sizzix.com/ecallite#This
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.starcraftvinyl.com/activate
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.starcraftvinyl.com/create&http://www.starcraftvinyl.com/activate
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.starcraftvinyl.com/createDTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: http://www.vinylcut.co.za
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.VinylCut.co.za
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/cut/activate.php??https://www.craftedge.com/activation/surecuts
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/ecal3.php?(http://www.craftedge.com/activation/eca
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/ecal3.php??https://www.craftedge.com/activation/su
        Source: epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/ecal3_k.php?
        Source: epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/greatcutd.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/scal6.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/scal6.php??https://www.craftedge.com/activation/su
        Source: epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/scal6_k.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/skycut_kd.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/skycutd.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/starcut.php?Ahttps://www.craftedge.com/activation/
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/starcut_k.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/vinylcut5.php?Chttps://www.craftedge.com/activatio
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/vinylcut5_k.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/xfcut.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.craftedge.com/activation/surecutsalot/xfcut_k.php?
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.easycutpro.com/activation
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.easycutpro.com/activationGhttps://www.craftedge.com/activation/surecutsalot/easysigncutp
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.easycutpro.comOTrial
        Source: file.exe, 00000000.00000003.1692240977.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2939897304.00000000022C2000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000002.2940365776.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000002.2939998553.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.tmp, 00000001.00000003.1698287722.0000000003500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.easycutstudio.com/support.html
        Source: epiAvidenta.exe.4.drString found in binary or memory: https://www.gccwebshop.com
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.gccwebshop.comPTrial
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.xfcut.com/activation
        Source: file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drString found in binary or memory: https://www.xfcut.com/activation?https://www.craftedge.com/activation/surecutsalot/xfcut_kd.php?=htt
        Source: epiAvidenta.exe.4.drString found in binary or memory: https://www.xfcut.com/store

        System Summary

        Source: avidenta.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: epiAvidenta.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_00401A4F: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,4_2_00401A4F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_004010514_2_00401051
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_00401C264_2_00401C26
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_00406FB74_2_00406FB7
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02DAB4E54_2_02DAB4E5
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D8E25D4_2_02D8E25D
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D7F0854_2_02D7F085
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D94EF94_2_02D94EF9
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D92E844_2_02D92E84
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D8E6754_2_02D8E675
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D89F544_2_02D89F54
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D8DD694_2_02D8DD69
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D885124_2_02D88512
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: 4_2_02D8AD0A4_2_02D8AD0A
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Avidenta 2.7.7\CH375DLL.dll (copy) 3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy) FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: String function: 02D95400 appears 137 times
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exeCode function: String function: 02D88BB0 appears 37 times
        Source: file.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: file.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: avidenta.exe.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
        Source: is-VPILF.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
        Source: is-VPILF.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
        Source: epiAvidenta.exe.4.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
        Source: file.exe, 00000000.00000000.1691840362.00000000004B8000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs file.exe
        Source: file.exe, 00000000.00000002.2939897304.00000000022D8000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs file.exe
        Source: file.exe, 00000000.00000003.1694588363.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs file.exe
        Source: file.exe, 00000000.00000003.1694084191.0000000002570000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs file.exe
        Source: file.exe | Binary or memory string: OriginalFileName vs file.exe
        Source: file.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
        Source: classification engine | Classification label: mal100.troj.evad.winEXE@10/57@1/2
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D808D0 FormatMessageA,GetLastError,FormatMessageA,GetLastError, 4_2_02D808D0
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: CreateServiceA,CloseServiceHandle, 4_2_0040D15E
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_00401F64 FindResourceA,GetLastError,SizeofResource,LoadResource,LockResource,GlobalAlloc,GetTickCount,GlobalAlloc, 4_2_00401F64
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_0040D638 StartServiceCtrlDispatcherA, 4_2_0040D638
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Programs
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2916:120:WilError_03
        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\is-OI716.tmp
        Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
        Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | File read: C:\Windows\System32\drivers\etc\hosts
        Source: file.exe | ReversingLabs: Detection: 28%
        Source: file.exe | Virustotal: Detection: 45%
        Source: file.exe | String found in binary or memory: /LOADINF="filename"
        Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
        Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp "C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp" /SL5="$10448,5263804,721408,C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause avidenta_11131
        Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process created: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe "C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe" -i
        Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause avidenta_11131
        Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: netapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: wtsapi32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: winsta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: textinputframework.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: coreuicomponents.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: coremessaging.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: wintypes.dll (3 loads)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: shfolder.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: rstrtmgr.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: winmmbase.dll (2 loads)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: msftedit.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: windows.globalization.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: bcp47langs.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: bcp47mrm.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: globinputhost.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: explorerframe.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: sfc.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: sfc_os.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Section loaded: apphelp.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: mpr.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\net.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: appxsip.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: opcservices.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: wininet.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: samcli.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: netutils.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: dsrole.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: srvcli.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: wkscli.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: logoncli.dll
        Source: C:\Windows\SysWOW64\net1.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Window found: window name: TMainForm
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avidenta_is1
        Source: file.exe | Static file information: File size 5964353 > 1048576
        Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: msvcp71.pdbx# | source: is-PJN23.tmp.1.dr
        Source: Binary string: msvcr71.pdb< | source: is-2KG4F.tmp.1.dr
        Source: Binary string: msvcp71.pdb | source: is-PJN23.tmp.1.dr
        Source: Binary string: msvcr71.pdb | source: is-2KG4F.tmp.1.dr
        Source: Binary string: C:\KRAPPYSOFTWARE_CVS\KRAPPYSOFTWARE\Projects\Sparkle_Win\Release\WinSparkle.pdb | source: is-E746G.tmp.1.dr

        Data Obfuscation

        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Unpacked PE file: 4.2.avidenta.exe.400000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Unpacked PE file: 4.2.avidenta.exe.400000.0.unpack
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 4_2_00401B4B
        Source: file.exe | Static PE information: section name: .didata
        Source: file.tmp.0.dr | Static PE information: section name: .didata
        Source: is-VPILF.tmp.1.dr | Static PE information: section name: .didata
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_004030B0 push eax; ret 4_2_004030DE
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_0040B728 push eax; ret 4_2_0040B6D9
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_0040B5AC push eax; ret 4_2_0040B6D9
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DAF872 push ebp; mov dword ptr [esp], eax 4_2_02DE09B9
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DB33C2 push 483A1830h; mov dword ptr [esp], edi 4_2_02DCAA4F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DB33C2 push edx; mov dword ptr [esp], ecx 4_2_02DCAA68
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DB33C2 push ebp; mov dword ptr [esp], edi 4_2_02DCAA6F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DB33C2 push ebp; mov dword ptr [esp], 2584E63Bh 4_2_02DE6A2B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DF8D68 push eax; mov dword ptr [esp], edi 4_2_02DF8D84
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DF8D68 push 0F92C0D1h; mov dword ptr [esp], eax 4_2_02DF8D9E
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DF8D68 push 1F441FD2h; mov dword ptr [esp], esp 4_2_02DF8DDC
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DAFAC5 push ebp; mov dword ptr [esp], ecx 4_2_02DAFAEC
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02DDF34C push 4295A252h; mov dword ptr [esp], eax 4_2_02DDF388
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D88BF5 push ecx; ret 4_2_02D88C08
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D86889 push esi; ret 4_2_02D8688B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D86972 push edi; ret 4_2_02D86974
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D866AE push esi; ret 4_2_02D866B0
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D7EF9D push ss; iretd 4_2_02D7EF9E
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D9545B push ecx; ret 4_2_02D9546B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D75463 push ebp; iretd 4_2_02D7546F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D95400 push eax; ret 4_2_02D9541E
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D86595 push edi; ret 4_2_02D86597
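The Data Obfuscation entries above record two facts about avidenta.exe: the on-disk image carries a .vmp0 section (the section name VMProtect gives its virtualized code) and the image dumped from memory has a .text section that is both executable and writable, which is what the "PE file has a writeable .text section" signature in the summary keys on. The script below is an added example, not part of the Joe Sandbox report, that checks both conditions from the PE section table alone, without loading the image. The two header-only PE images it builds are constructed to mirror the report's section layouts, and the packer-name list is this example's own assumption (VMProtect and UPX names) that can be extended.

```python
import struct

# Section characteristic bits from the PE/COFF spec (winnt.h IMAGE_SCN_*).
IMAGE_SCN_CNT_CODE    = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ    = 0x40000000
IMAGE_SCN_MEM_WRITE   = 0x80000000

# Section names that identify a packer/protector by themselves (assumption:
# a small list; ".vmp0" is the VMProtect section the report shows on disk).
PACKER_SECTION_NAMES = {".vmp0", ".vmp1", ".vmp2", "UPX0", "UPX1", "UPX2"}


def parse_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return [(name, characteristics)] without loading the image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional      # section table follows the optional header
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                   # IMAGE_SECTION_HEADER is 40 bytes
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        characteristics = struct.unpack_from("<I", image, hdr + 36)[0]
        sections.append((name, characteristics))
    return sections


def perms(characteristics: int) -> str:
    """Render the flags in the report's own notation (.text:EW, .rdata:R, ...)."""
    return "".join(letter for letter, bit in (("E", IMAGE_SCN_MEM_EXECUTE),
                                               ("W", IMAGE_SCN_MEM_WRITE),
                                               ("R", IMAGE_SCN_MEM_READ))
                   if characteristics & bit)


def audit_sections(image: bytes):
    """Flag what the two signatures key on: a section that is writable and
    executable at the same time, and a packer-named section."""
    findings = []
    for name, chars in parse_sections(image):
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{name}: writable+executable ({perms(chars)})")
        if name in PACKER_SECTION_NAMES:
            findings.append(f"{name}: packer section name")
    return findings


def build_header_only_pe(sections) -> bytes:
    """Constructed test input: a PE32 header with the given section table and
    no code. It is not loadable; it only exercises the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    size_of_optional = 0xE0                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = bytes(size_of_optional)                  # zeroed; the parser only skips it
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 * (i + 1), 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + optional + table


# The two layouts the report lists for avidenta.exe: on disk (VMProtect-packed)
# and the unpacked memory image whose .text has become writable.
ON_DISK = build_header_only_pe([
    (".text",  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", IMAGE_SCN_MEM_READ),
    (".data",  IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".vmp0",  IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rsrc",  IMAGE_SCN_MEM_READ),
])
UNPACKED = build_header_only_pe([
    (".text",  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
    (".rdata", IMAGE_SCN_MEM_READ),
    (".data",  IMAGE_SCN_MEM_WRITE),
    (".rsrc",  IMAGE_SCN_MEM_READ),
])

if __name__ == "__main__":
    for label, img in (("on disk", ON_DISK), ("unpacked", UNPACKED)):
        layout = ";".join(f"{n}:{perms(c)}" for n, c in parse_sections(img))
        print(label, layout, audit_sections(img))
```

Note what does not fire: .data is writable in both layouts and is not flagged, because the signal is the write+execute combination, not writability on its own. On a real dump the same check runs over the file read from disk (`audit_sections(open(path, "rb").read())`).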

        Persistence and Installation Behavior

        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 4_2_00401A4F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 4_2_02D7F8AE
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\CH375DLL.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\unins000.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-E746G.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | File created: C:\ProgramData\epiAvidenta\epiAvidenta.exe
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcp71.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-PJN23.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-HQ50F.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcr71.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\cairogfx.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-JNATO.tmp
        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_iscrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\is-VPILF.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-2KG4F.tmp
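The "Process created" entries earlier in the report and the "File created" entries above together describe the whole chain: the Inno Setup stub (file.exe) writes is-OI716.tmp\file.tmp and re-executes it with /SL5=, the second stage runs net pause avidenta_11131 and then avidenta.exe -i, and avidenta.exe drops epiAvidenta.exe under C:\ProgramData. The script below is an added example, not part of the Joe Sandbox report, that rebuilds that process tree and the dropped-file list from lines in this format. Its sample lines are copied from this report with a "|" inserted between the Source column and the detail column (duplicates kept on purpose, since the report lists several entries twice); the triage heuristics (the /SL5= switch, net pause, the -i switch, writes under ProgramData) are this example's own choices.

```python
import re
from collections import defaultdict

# Sample input constructed from this report's own entries (see lead-in).
REPORT_LINES = [
    r'Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"',
    r'Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp "C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp" /SL5="$10448,5263804,721408,C:\Users\user\Desktop\file.exe"',
    r'Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause avidenta_11131',
    r'Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',
    r'Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process created: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe "C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe" -i',
    r'Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause avidenta_11131',
    r'Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause avidenta_11131',
    r'Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe',
    r'Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | File created: C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy)',
    r'Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | File created: C:\ProgramData\epiAvidenta\epiAvidenta.exe',
    r'Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | File created: C:\ProgramData\epiAvidenta\epiAvidenta.exe',
]

# The child image ends at the first ".exe"/".tmp" followed by a space; the rest
# is the command line, so paths with spaces ("Avidenta 2.7.7") survive intact.
PROC_RE = re.compile(r'^Source: (?P<parent>.+?) \| Process created: '
                     r'(?P<child>.+?\.(?:exe|tmp)) (?P<cmdline>.*)$')
FILE_RE = re.compile(r'^Source: (?P<writer>.+?) \| File created: (?P<path>.+)$')


def parse_report(lines):
    """Return (children, dropped): parent image -> [(child image, command line)]
    in first-seen order with repeats removed, and writer image -> {paths}."""
    children = defaultdict(list)
    dropped = defaultdict(set)
    seen = set()
    for line in lines:
        m = PROC_RE.match(line)
        if m:
            key = (m['parent'], m['child'], m['cmdline'])
            if key not in seen:
                seen.add(key)
                children[m['parent']].append((m['child'], m['cmdline']))
            continue
        m = FILE_RE.match(line)
        if m:
            dropped[m['writer']].add(m['path'])
    return children, dropped


def render_tree(children, root='unknown', depth=0):
    """Indented process tree, depth-first from the report's 'unknown' root."""
    lines = []
    for child, cmdline in children.get(root, []):
        lines.append('  ' * depth + f'{child}  [{cmdline}]')
        lines.extend(render_tree(children, child, depth + 1))
    return lines


def triage(children, dropped):
    """The facts an analyst wants first from this chain, as short notes."""
    notes = []
    for parent, kids in children.items():
        for child, cmdline in kids:
            # Inno Setup: the stub re-executes itself as is-XXXXX.tmp\*.tmp with /SL5=
            if child.lower().endswith('.tmp') and '/SL5=' in cmdline:
                notes.append(f'Inno Setup second stage: {child}')
            # "net pause <service>": the installer acts on an existing service
            m = re.search(r'net1?(?:\.exe)?"?\s+pause\s+(\S+)', cmdline, re.I)
            if m:
                notes.append(f'service paused via {child}: {m.group(1)}')
            if cmdline.rstrip().endswith(' -i'):
                notes.append(f'"-i" (install) switch: {child}')
    for writer, paths in dropped.items():
        for path in sorted(paths):
            if path.lower().startswith(r'c:\programdata'):
                notes.append(f'dropped under ProgramData by {writer}: {path}')
    return notes


if __name__ == '__main__':
    kids, files = parse_report(REPORT_LINES)
    print('\n'.join(render_tree(kids)))
    print('\n'.join(triage(kids, files)))
```

Run stand-alone it prints the six-node tree (file.exe > file.tmp > net.exe > conhost.exe/net1.exe, and file.tmp > avidenta.exe) followed by five triage notes; pointing `parse_report` at a full report export reproduces the same view for any sample in this format.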

        Boot Survival

        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 4_2_00401A4F
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 4_2_02D7F8AE
        Note: the listed chain has no WriteFile, and the IOCTL code passed to DeviceIoControl is not shown; opening \\.\PhysicalDrive0 and issuing DeviceIoControl is also how software reads a disk serial number for machine fingerprinting, so confirm the IOCTL code in these two functions before treating this as a boot-sector write.
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_0040D638 StartServiceCtrlDispatcherA, 4_2_0040D638
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D88512 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 4_2_02D88512
        Source: C:\Users\user\Desktop\file.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (11 occurrences)
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 4_2_00401B4B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 4_2_02D7F9B2
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Window / User API: threadDelayed 9542
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\CH375DLL.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\unins000.exe (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-E746G.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_setup64.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcp71.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-PJN23.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-HQ50F.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcr71.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\cairogfx.dll (copy)
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-JNATO.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_iscrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\is-VPILF.tmp
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Avidenta 2.7.7\is-2KG4F.tmp
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_4-19186
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 3368 | Thread sleep count: 337 > 30
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 3368 | Thread sleep time: -674000s >= -30000s
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 2368 | Thread sleep count: 54 > 30
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 2368 | Thread sleep time: -3240000s >= -30000s
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 3368 | Thread sleep count: 9542 > 30
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe TID: 3368 | Thread sleep time: -19084000s >= -30000s
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | File opened: PhysicalDrive0
        Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Thread delayed: delay time: 60000
        Source: avidenta.exe, 00000004.00000002.2939781539.000000000083E000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000002.2940955119.00000000034F2000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000002.2939781539.0000000000918000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | API call chain: ExitProcess graph end node graph_4-19187
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | API call chain: ExitProcess graph end node graph_4-19900
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Process information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D901CE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 4_2_02D901CE
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_00401B4B LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 4_2_00401B4B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D7648B RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, 4_2_02D7648B
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D89538 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_02D89538
        Source: C:\Windows\SysWOW64\net.exe | Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause avidenta_11131
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_02D8807D cpuid 4_2_02D8807D
        Source: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | Code function: 4_2_00402283 GetLocalTime, 4_2_00402283
        Source: C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | Code function: 1_2_10001000 ISCryptGetVersion, 1_2_10001000

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.2940566511.0000000002CD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: avidenta.exe PID: 2008, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match | File source: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.2940566511.0000000002CD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: avidenta.exe PID: 2008, type: MEMORYSTR
        MITRE ATT&CK matrix, listed per tactic column (the number in parentheses is the count the matrix shows next to that technique; techniques without a number carry no count in the matrix):

        Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology
        Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising
        Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application
        Execution: Native API (2), Command and Scripting Interpreter (2), Service Execution (2), Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter
        Persistence: DLL Side-Loading (1), Windows Service (5), Bootkit (1), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
        Privilege Escalation: DLL Side-Loading (1), Windows Service (5), Process Injection (11), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
        Defense Evasion: Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Software Packing (2), DLL Side-Loading (1), Masquerading (1), Virtualization/Sandbox Evasion (21), Process Injection (11), Bootkit (1), HTML Smuggling
        Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow
        Discovery: System Time Discovery (1), System Information Discovery (23), Security Software Discovery (141), Process Discovery (1), Virtualization/Sandbox Evasion (21), Application Window Discovery (1), System Owner/User Discovery (2), Remote System Discovery (1), System Network Configuration Discovery (1)
        Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections
        Collection: Archive Collected Data (1), Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged
        Command and Control: Ingress Tool Transfer (2), Encrypted Channel (2), Non-Standard Port (1), Non-Application Layer Protocol (2), Application Layer Protocol (112), Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols
        Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol
        Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement
        Behavior Graph (ID: 1556229, sample: file.exe, start date: 15/11/2024, architecture: WINDOWS, score: 100)

        Signatures attached to the sample node: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus / Scanner detection for submitted sample; 10 other signatures

        Process tree as drawn in the graph (started processes, dropped files and DNS/IP nodes):
        file.exe (started)
          dropped: C:\Users\user\AppData\Local\Temp\...\file.tmp, PE32
          file.tmp (started)
            dropped: C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32
            dropped: C:\Users\user\AppData\...\unins000.exe (copy), PE32
            dropped: C:\Users\user\AppData\Local\...\is-VPILF.tmp, PE32
            dropped: 12 other files (7 malicious)
            avidenta.exe (started)
              DNS/IP: bfpdiyt.com 185.208.158.202, 49736, 49739, 49761, SIMPLECARRER2IT, Switzerland
              DNS/IP: 89.105.201.183, 2023, 49745, 49760, NOVOSERVE-ASNL, Netherlands
              dropped: C:\ProgramData\epiAvidenta\epiAvidenta.exe, PE32
            net.exe (started)
              conhost.exe (started)
              net1.exe (started)

        Source | Detection | Scanner | Label | Link
        file.exe | 29% | ReversingLabs | Win32.Trojan.Sockssystemz |
        file.exe | 45% | Virustotal | | Browse
        file.exe | 100% | Avira | HEUR/AGEN.1332534 |
        Source | Detection | Scanner | Label | Link
        C:\ProgramData\epiAvidenta\epiAvidenta.exe | 100% | Joe Sandbox ML | |
        C:\ProgramData\epiAvidenta\epiAvidenta.exe | 67% | ReversingLabs | Win32.PUA.ICLoader |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\CH375DLL.dll (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe | 67% | ReversingLabs | Win32.PUA.ICLoader |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\cairogfx.dll (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\is-2KG4F.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\is-E746G.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\is-HQ50F.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\is-JNATO.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\is-PJN23.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcp71.dll (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\msvcr71.dll (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\is-VPILF.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Avidenta 2.7.7\uninstall\unins000.exe (copy) | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\is-K4QHQ.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        http://vinylcut.co.za/activation | 0% | Avira URL Cloud | safe |
        https://www.gccwebshop.com | 0% | Avira URL Cloud | safe |
        https://www.easycutpro.com/activation | 0% | Avira URL Cloud | safe |
        http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString | 0% | Avira URL Cloud | safe |
        bfpdiyt.com | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/cut/activate.php??https://www.craftedge.com/activation/surecuts | 0% | Avira URL Cloud | safe |
        http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink | 0% | Avira URL Cloud | safe |
        http://www.andymatuschak.org/xml-namespaces/sparkle#os | 0% | Avira URL Cloud | safe |
        http://185.208.158.202/405117-2476756634-1002/ | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/greatcut/activate.php?Ahttps://www.craftedge.com/activation/sure | 0% | Avira URL Cloud | safe |
        http://www.signwarehouse.comRTrial | 0% | Avira URL Cloud | safe |
        http://www.craftedge.comNTrial | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/smartprint/activate.php? | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/vinylcut5.php?Chttps://www.craftedge.com/activatio | 0% | Avira URL Cloud | safe |
        https://www.easycutpro.com/activationGhttps://www.craftedge.com/activation/surecutsalot/easysigncutp | 0% | Avira URL Cloud | safe |
        https://www.VinylCut.co.za | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/ecal3.php??https://www.craftedge.com/activation/su | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/ecal_Trial | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/skycut_kd.php? | 0% | Avira URL Cloud | safe |
        http://www.craftedge.comGTrial | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/magiccutstudio | 0% | Avira URL Cloud | safe |
        http://www.signwarehouse.com | 0% | Avira URL Cloud | safe |
        http://www.easycutpro.com | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/scal6_k.php? | 0% | Avira URL Cloud | safe |
        https://www.gccwebshop.comPTrial | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/ecal3.php?(http://www.craftedge.com/activation/eca | 0% | Avira URL Cloud | safe |
        https://www.xfcut.com/activation | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/scal6.php??https://www.craftedge.com/activation/su | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/scalbridge | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/starcut_k.php? | 0% | Avira URL Cloud | safe |
        http://www.starcraftvinyl.com/create&http://www.starcraftvinyl.com/activate | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/scal6.php? | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/scalpro | 0% | Avira URL Cloud | safe |
        http://bfpdiyt.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 | 0% | Avira URL Cloud | safe |
        http://www.VinylCut.co.za | 0% | Avira URL Cloud | safe |
        http://www.easycutstudio.com/buy.html | 0% | Avira URL Cloud | safe |
        http://www.starcraftvinyl.com/activate | 0% | Avira URL Cloud | safe |
        https://www.xfcut.com/activation?https://www.craftedge.com/activation/surecutsalot/xfcut_kd.php?=htt | 0% | Avira URL Cloud | safe |
        http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionenclosureurlhttp | 0% | Avira URL Cloud | safe |
        https://www.easycutpro.comOTrial | 0% | Avira URL Cloud | safe |
        https://www.xfcut.com/store | 0% | Avira URL Cloud | safe |
        http://www.andymatuschak.org/xml-namespaces/sparkle#version | 0% | Avira URL Cloud | safe |
        http://www.easycutpro.com/store.html | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/createspace | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/greatcut | 0% | Avira URL Cloud | safe |
        http://www.craftedge.comPTrial | 0% | Avira URL Cloud | safe |
        http://winsparkle.org). | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation | 0% | Avira URL Cloud | safe |
        http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918 | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/greatcutd.php? | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/xfcut.php? | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/scalprobTrial | 0% | Avira URL Cloud | safe |
        http://www.starcraftvinyl.com/createDTrial | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/scal | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/ecal3_k.php? | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/smartprint.http://www.craftedge.com/activation/smartprintChttps:// | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/xfcut_k.php? | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/skycutd.php? | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchaseUTrial | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/scal/activate.php?Dhttps://www.craftedge.com/activation/surecuts | 0% | Avira URL Cloud | safe |
        http://www.easycutstudio.com | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/magiccutdstudio/activate.php?Dhttps://www.craftedge.com/activati | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/vinylcut5_k.php? | 0% | Avira URL Cloud | safe |
        http://www.pss.co | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/ecal | 0% | Avira URL Cloud | safe |
        http://www.sizzix.com/ecallite#This | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/createspace/activate.php?Dhttps://www.craftedge.com/activation/s | 0% | Avira URL Cloud | safe |
        https://www.craftedge.com/activation/surecutsalot/starcut.php?Ahttps://www.craftedge.com/activation/ | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/activation/cut | 0% | Avira URL Cloud | safe |
        https://www.easycutstudio.com/support.html | 0% | Avira URL Cloud | safe |
        http://bfpdiyt.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a | 0% | Avira URL Cloud | safe |
        http://www.craftedge.com/purchase/ecal6http://www.craftedge.com/activation/ecal/activate.php??https: | 0% | Avira URL Cloud | safe |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        bfpdiyt.com | 185.208.158.202 | true | true | | unknown
          Name | Malicious | Antivirus Detection | Reputation
          bfpdiyt.com | true | Avira URL Cloud: safe | unknown
          http://bfpdiyt.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 | true | Avira URL Cloud: safe | unknown
          http://bfpdiyt.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a | true | Avira URL Cloud: safe | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          https://www.gccwebshop.com | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://vinylcut.co.za/activation | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.easycutpro.com/activation | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/cut/activate.php??https://www.craftedge.com/activation/surecuts | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/activation/greatcut/activate.php?Ahttps://www.craftedge.com/activation/sure | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://185.208.158.202/405117-2476756634-1002/ | avidenta.exe, 00000004.00000002.2939781539.0000000000918000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | file.exe | false | | high
          http://www.andymatuschak.org/xml-namespaces/sparkle#os | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          http://www.signwarehouse.comRTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/activation/smartprint/activate.php? | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/vinylcut5.php?Chttps://www.craftedge.com/activatio | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.comNTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.easycutpro.com/activationGhttps://www.craftedge.com/activation/surecutsalot/easysigncutp | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.VinylCut.co.za | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/ecal3.php??https://www.craftedge.com/activation/su | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/purchase | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/purchase/ecal_Trial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.comGTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/skycut_kd.php? | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/activation/magiccutstudio | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.signwarehouse.com | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.easycutpro.com | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/scal6_k.php? | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.gccwebshop.comPTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/ecal3.php?(http://www.craftedge.com/activation/eca | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/scal6.php??https://www.craftedge.com/activation/su | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.xfcut.com/activation | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/purchase/scalbridge | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.starcraftvinyl.com/create&http://www.starcraftvinyl.com/activate | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/scal6.php? | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/starcut_k.php? | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/purchase/scalpro | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.VinylCut.co.za | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.easycutstudio.com/buy.html | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.starcraftvinyl.com/activate | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.xfcut.com/activation?https://www.craftedge.com/activation/surecutsalot/xfcut_kd.php?=htt | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionenclosureurlhttp | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          https://www.easycutpro.comOTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.xfcut.com/store | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.andymatuschak.org/xml-namespaces/sparkle#version | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          http://www.easycutpro.com/store.html | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.innosetup.com/ | file.exe, 00000000.00000003.1694588363.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694084191.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000000.1696151531.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-VPILF.tmp.1.dr | false | | high
          http://www.craftedge.com/activation/createspace | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.com/activation/greatcut | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://www.craftedge.comPTrial | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://winsparkle.org). | is-E746G.tmp.1.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918 | avidenta.exe, 00000004.00000002.2941053362.00000000035BA000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000002.2941031460.0000000003573000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/xfcut.php? | file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
          https://www.craftedge.com/activation/surecutsalot/greatcutd.php? | epiAvidenta.exe.4.dr | false | Avira URL Cloud: safe | unknown
              http://www.craftedge.com/purchase/scalprobTrialfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.starcraftvinyl.com/createDTrialfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.com/activation/scalfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              https://www.craftedge.com/activation/surecutsalot/ecal3_k.php?epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.com/purchase/smartprint.http://www.craftedge.com/activation/smartprintChttps://file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              https://www.craftedge.com/activation/surecutsalot/xfcut_k.php?file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.comfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              https://www.craftedge.com/activation/surecutsalot/skycutd.php?file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.com/purchaseUTrialfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.com/activation/scal/activate.php?Dhttps://www.craftedge.com/activation/surecutsepiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.easycutstudio.comfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.craftedge.com/activation/magiccutdstudio/activate.php?Dhttps://www.craftedge.com/activatifile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
              • Avira URL Cloud: safe
              unknown
              http://www.vinylcut.co.zafile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                unknown
                https://www.craftedge.com/activation/surecutsalot/vinylcut5_k.php?file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.sizzix.com/ecallite#Thisfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.pss.coepiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.craftedge.com/purchase/ecalfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                https://www.craftedge.com/activation/surecutsalot/starcut.php?Ahttps://www.craftedge.com/activation/file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.craftedge.com/activation/cutfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.craftedge.com/activation/createspace/activate.php?Dhttps://www.craftedge.com/activation/sfile.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.remobjects.com/psfile.exe, 00000000.00000003.1694588363.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694084191.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000000.1696151531.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file.tmp.0.dr, is-VPILF.tmp.1.drfalse
                  high
                  https://www.easycutstudio.com/support.htmlfile.exe, 00000000.00000003.1692240977.0000000002570000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2939897304.00000000022C2000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000002.2940365776.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, file.tmp, 00000001.00000002.2939998553.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.tmp, 00000001.00000003.1698287722.0000000003500000.00000004.00001000.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://www.craftedge.com/purchase/ecal6http://www.craftedge.com/activation/ecal/activate.php??https:file.tmp, 00000001.00000002.2941571199.0000000005FA2000.00000004.00001000.00020000.00000000.sdmp, avidenta.exe, 00000004.00000003.1716953222.00000000026C4000.00000004.00000020.00020000.00000000.sdmp, avidenta.exe, 00000004.00000000.1716033968.0000000000638000.00000002.00000001.01000000.00000008.sdmp, avidenta.exe.1.dr, is-679Q3.tmp.1.dr, epiAvidenta.exe.4.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82davidenta.exe, 00000004.00000002.2940955119.00000000034F0000.00000004.00000020.00020000.00000000.sdmpfalse
                    high
IP | Domain | Country | ASN | ASN Name | Malicious
185.208.158.202 | bfpdiyt.com | Switzerland | 34888 | SIMPLECARRER2IT | true
89.105.201.183 | unknown | Netherlands | 24875 | NOVOSERVE-ASNL | false
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1556229
                    Start date and time:2024-11-15 06:59:10 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 49s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal100.troj.evad.winEXE@10/57@1/2
                    EGA Information:
                    • Successful, ratio: 50%
                    HCA Information:
                    • Successful, ratio: 82%
                    • Number of executed functions: 56
                    • Number of non-executed functions: 79
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target file.tmp, PID 2316 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:00:39 | API Interceptor | 511595x Sleep call for process: avidenta.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.208.158.202 | gxjIKuKnu7.exe | malicious | Socks5Systemz
 | OFjT8HmzFJ.exe | malicious | Socks5Systemz
 | BJqvg1iEdr.exe | malicious | Socks5Systemz
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar
 | G4G14X6zxY.exe | malicious | Socks5Systemz
 | K5G8ehb2X4.exe | malicious | Socks5Systemz
 | VgTEzAer6E.exe | malicious | Socks5Systemz
 | iv2Mm5SEJF.exe | malicious | Socks5Systemz
 | R3Tb6f1QFD.exe | malicious | Socks5Systemz
 | FrYYvqvO2s.exe | malicious | Socks5Systemz
89.105.201.183 | OFjT8HmzFJ.exe | malicious | Socks5Systemz
• 404
 | N6jsQ3XNNX.exe | malicious | Socks5Systemz
• 200
 | cv viewer plugin 8.31.40.exe | malicious | Socks5Systemz
• 200
                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
SIMPLECARRER2IT | http://www.intelliclicksoftware.net/clicktrack2/click.aspx?ActionType=CreateHistory&CustomerID=GM-CSATRANS&ParentRecordID=&Campaign=Thank%20You%20For%20Your%20Business%20SR&Name=&Company=&Phone=&Email=&Subject=Click%20Through&WebNav=True&URL=http://johnvugrin.com | malicious | HTMLPhisher
• 185.196.8.148
 | gxjIKuKnu7.exe | malicious | Socks5Systemz
• 185.208.158.202
 | https://www.imap.ne.jp/banner_click/add/20/1/?a&url=http://uniteseoul.com | malicious | HTMLPhisher
• 185.208.158.9
 | OFjT8HmzFJ.exe | malicious | Socks5Systemz
• 185.208.158.202
 | BJqvg1iEdr.exe | malicious | Socks5Systemz
• 185.208.158.202
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar
• 185.208.158.202
 | kC3x9xfqbq.exe | malicious | Amadey
• 185.208.159.121
 | G4G14X6zxY.exe | malicious | Socks5Systemz
• 185.208.158.202
 | kC3x9xfqbq.exe | malicious | Amadey
• 185.208.159.121
 | K5G8ehb2X4.exe | malicious | Socks5Systemz
• 185.208.158.202
NOVOSERVE-ASNL | gxjIKuKnu7.exe | malicious | Socks5Systemz
• 89.105.201.183
 | OFjT8HmzFJ.exe | malicious | Socks5Systemz
• 89.105.201.183
 | BJqvg1iEdr.exe | malicious | Socks5Systemz
• 89.105.201.183
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar
• 89.105.201.183
 | G4G14X6zxY.exe | malicious | Socks5Systemz
• 89.105.201.183
 | K5G8ehb2X4.exe | malicious | Socks5Systemz
• 89.105.201.183
 | VgTEzAer6E.exe | malicious | Socks5Systemz
• 89.105.201.183
 | iv2Mm5SEJF.exe | malicious | Socks5Systemz
• 89.105.201.183
 | R3Tb6f1QFD.exe | malicious | Socks5Systemz
• 89.105.201.183
 | FrYYvqvO2s.exe | malicious | Socks5Systemz
• 89.105.201.183
                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Avidenta 2.7.7\CH375DLL.dll (copy) | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT
 | gxjIKuKnu7.exe | malicious | Socks5Systemz
 | NBoJCkvcb1.exe | malicious | Babadeda SystemBC
C:\Users\user\AppData\Local\Avidenta 2.7.7\WinSparkle.dll (copy) | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT
 | gxjIKuKnu7.exe | malicious | Socks5Systemz
 | NBoJCkvcb1.exe | malicious | Babadeda SystemBC
                                                    Process:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    File Type:ISO-8859 text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):8
                                                    Entropy (8bit):2.0
                                                    Encrypted:false
                                                    SSDEEP:3:vTCl/ln:Li
                                                    MD5:8640A87AAC4CC7E20B871D0EA517D081
                                                    SHA1:B100F28CE5C69D162DE1D508260FCDB860077AF8
                                                    SHA-256:609CC50CE12B3551600CC2B479BA888EAD7C1E4C9DBD7B013BF1BF2DA615F357
                                                    SHA-512:0C6DF5A287D698EE9D55FDB362960837B3868DA847FA5B1A76D8835692BC5B0A54DEF78DFDEB1801ADB31733DF9973CA7C5360982E596CFCFD966781F686A710
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:..6g....
                                                    Process:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4
                                                    Entropy (8bit):0.8112781244591328
                                                    Encrypted:false
                                                    SSDEEP:3:i:i
                                                    MD5:EF0F409F0799E0546CBECC4A6C609AEF
                                                    SHA1:CD5A8501E23DB0E06030E562829C372816F8E887
                                                    SHA-256:D23F96D836EBED25AD1D3D2B9D92362252CC8A347A98312A75284F7F6D08BD02
                                                    SHA-512:6DC8AF620E1D800DD391FA8BF22FD7903776C26AF8C642C94F3F63C4DAEF1AF00F3B8C9FD050E86D2AFAFCBA864EC854C57A843EDA3E88B356DBD6CE743290A4
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:C...
                                                    Process:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):128
                                                    Entropy (8bit):2.9545817380615236
                                                    Encrypted:false
                                                    SSDEEP:3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
                                                    MD5:98DDA7FC0B3E548B68DE836D333D1539
                                                    SHA1:D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
                                                    SHA-256:870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
                                                    SHA-512:E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................
                                                    Process:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):128
                                                    Entropy (8bit):1.7095628900165245
                                                    Encrypted:false
                                                    SSDEEP:3:LDXdQSWBdMUE/:LLdQSGd
                                                    MD5:4FFFD4D2A32CBF8FB78D521B4CC06680
                                                    SHA1:3FA6EFA82F738740179A9388D8046619C7EBDF54
                                                    SHA-256:EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68
                                                    SHA-512:130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:dad6f9fa0c8327344d1aa24f183c3767................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):3698688
                                                    Entropy (8bit):6.580367741040878
                                                    Encrypted:false
                                                    SSDEEP:49152:0nbWWMORoxCgL/hEYqncOW+F+wKbyUYa6Ql0G3bk7jsIJNU:cCB/hEYqncOW+F+WhvPnJN
                                                    MD5:19F9733DCD58AFF930F87ACDAF4A09FB
                                                    SHA1:4076EABD809CA63AB6619A9D85C8F5D686F89728
                                                    SHA-256:EF9C847985C1588A5D5F85ECAFDACE935D98C10AC9411E5C7040A7900A95FC43
                                                    SHA-512:92BFC472EF3A965F6993163AA32E14273DE23061BED77125BD6D165A42FE39C83E2E07D33B86AD68F9893A0C347CAC7F063E667440422CC2E94EA45750ADECA8
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L..................".........p."......."...@...........................8.......8.....................................<.".......#..C............................................................................".h............................text.....".......".................`....rdata..`.....".......".............@..@.data....c....#..0....".............@....rsrc....D....#..D...,#.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):15864
                                                    Entropy (8bit):5.446150628226878
                                                    Encrypted:false
                                                    SSDEEP:384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08
                                                    MD5:43F2BC6828B177477C2F98B8973460E8
                                                    SHA1:F0A3C975346AF66A843E8B49574DC9083CD32E02
                                                    SHA-256:3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D
                                                    SHA-512:2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: gxjIKuKnu7.exe, Detection: malicious
• Filename: NBoJCkvcb1.exe, Detection: malicious
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................l.......^...............Rich............PE..L.....C (.........!.........................0....@..........................`......B}...............................'.......$..P....@..H....................P..<.......T...............................................|............................text............................... ..`.data........0....... ..............@....rsrc...H....@......."..............@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):56223
                                                    Entropy (8bit):7.675938408908281
                                                    Encrypted:false
                                                    SSDEEP:1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB
                                                    MD5:619CA288DE840F0BEC52218DB7F2036C
                                                    SHA1:D1D5389AAE91284734F4940BD8319CFA2BC40A0D
                                                    SHA-256:C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966
                                                    SHA-512:4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):132979
                                                    Entropy (8bit):7.662743912764236
                                                    Encrypted:false
                                                    SSDEEP:3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6
                                                    MD5:F88752DB58C53A82F2DCD5D11F8233AB
                                                    SHA1:6D41999B017AD74783339AD00E03811F48A60E97
                                                    SHA-256:8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD
                                                    SHA-512:86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):543833
                                                    Entropy (8bit):7.50496335178111
                                                    Encrypted:false
                                                    SSDEEP:6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67
                                                    MD5:7D692438B7E70DE932BC386A3D44D319
                                                    SHA1:5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F
                                                    SHA-256:05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586
                                                    SHA-512:1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):81816
                                                    Entropy (8bit):7.707519991934002
                                                    Encrypted:false
                                                    SSDEEP:1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ
                                                    MD5:4C1F9B5ECF86DC7B839BF5D8F3ADFDC0
                                                    SHA1:CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC
                                                    SHA-256:F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9
                                                    SHA-512:C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):66594
                                                    Entropy (8bit):7.800838697373916
                                                    Encrypted:false
                                                    SSDEEP:1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl
                                                    MD5:DE2D8D73F85285535A13F89B0F904847
                                                    SHA1:A4A42EB9FA7F9C8A51CD24560D999163DEE57290
                                                    SHA-256:306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B
                                                    SHA-512:CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):595545
                                                    Entropy (8bit):7.0713050562667386
                                                    Encrypted:false
                                                    SSDEEP:12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl
                                                    MD5:3695D419AA9C7B11C464BE2A58A40530
                                                    SHA1:C73513DF0555DB421EF81EF436136E53CCF4EE11
                                                    SHA-256:0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD
                                                    SHA-512:54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):44241
                                                    Entropy (8bit):7.747233988337866
                                                    Encrypted:false
                                                    SSDEEP:768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6
                                                    MD5:561A63F0CD4A70F3134143A5E266E58D
                                                    SHA1:18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C
                                                    SHA-256:7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769
                                                    SHA-512:52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):76044
                                                    Entropy (8bit):7.781593198930996
                                                    Encrypted:false
                                                    SSDEEP:1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf
                                                    MD5:FA20A58E0C27D4DED87150AADDBB2556
                                                    SHA1:74CF094D22A5806FD0DF01701851309CA3D3F263
                                                    SHA-256:A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75
                                                    SHA-512:3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):92038
                                                    Entropy (8bit):7.7200406826946235
                                                    Encrypted:false
                                                    SSDEEP:1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM
                                                    MD5:E98226F38153CFBF93BF77744E364434
                                                    SHA1:6E613678B12144ADAA5ADCC18AA40965EB903101
                                                    SHA-256:825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241
                                                    SHA-512:228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):114158
                                                    Entropy (8bit):7.754245071397085
                                                    Encrypted:false
                                                    SSDEEP:3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju
                                                    MD5:1092617765A52BADA8A812FEA901B137
                                                    SHA1:31DAA90CFE29AFA8E3FAAA10C049B45834833308
                                                    SHA-256:88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393
                                                    SHA-512:37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):132558
                                                    Entropy (8bit):7.669771822889911
                                                    Encrypted:false
                                                    SSDEEP:3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf
                                                    MD5:E6497DA72921573C22D29C664B5C1EAA
                                                    SHA1:5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8
                                                    SHA-256:17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59
                                                    SHA-512:1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):59279
                                                    Entropy (8bit):7.723890349807642
                                                    Encrypted:false
                                                    SSDEEP:1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g
                                                    MD5:A667A4635760A604F5E90455657DF9BA
                                                    SHA1:3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F
                                                    SHA-256:196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152
                                                    SHA-512:3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale -20926-24706, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 500970464867410926013250174713856.000000
                                                    Category:dropped
                                                    Size (bytes):56822
                                                    Entropy (8bit):7.651463699422176
                                                    Encrypted:false
                                                    SSDEEP:768:1ro+zsC5ugrZR+LeBc+m5IShs7ohcTvNg2xhMNdZ/aDIg2fbGw:pugrb+LeGvNukcTlg20V/anS1
                                                    MD5:1FF0C9489E836499DB1ED7B3417BA478
                                                    SHA1:750206AB4FBD34B17205ADF33710F91140323915
                                                    SHA-256:74A96CB715FB81EB958BE3DFB60AF0C716D6CB0EF7DD1F5217CD15594DC3F39E
                                                    SHA-512:7EDE209919E3ECF80C47EBEC43207195AAC41C71F4C8398115AF2807EF07043A984086251C0A683A3F5F60AF51304D3559F9CC5385CE782FF5F6FA28B34F40B2
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):64537
                                                    Entropy (8bit):7.783531894467484
                                                    Encrypted:false
                                                    SSDEEP:1536:mY9p0pAuZhUVKdEmHZt/YPBkBbnFeAHiix8qwQ1tTepK:m1EVmT/YpMT8qwQoK
                                                    MD5:B877B821FAA0514BE7D67132C026D97B
                                                    SHA1:B634758494358A2951799BDCDAA664271DFAD248
                                                    SHA-256:32BC4297D594164F7BE3753FE2328132B0562C81C5EA18AC97831AE10C707F1B
                                                    SHA-512:FD47CD1C73A83DAC589EE449D28BAC8E6AFE4D74BFBC077D670BF57A7BF141B7865BDE1F0C5179A7BC9569917ACD9967C6D173B7967442648E104F420C7A921F
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211380
                                                    Entropy (8bit):7.37236649718158
                                                    Encrypted:false
                                                    SSDEEP:3072:IOT3BfdrN6I+0ZQ/yYLtpAYVZy72KKkhaQ3iBbuRb4yVgwNefQd2Flx4wL0wT:1RFrN6I+02yf2KkJBOb4yVlefQ2FnT
                                                    MD5:5D5EAAC4FAA75CB7478198FEC28895CC
                                                    SHA1:D7FC225DE85266FACABF314B166C957FF35EB122
                                                    SHA-256:032B715FDE24B59BE882D379968C681AF09F0B15E9F42A9C55B8A668D78A36C7
                                                    SHA-512:DA90291D9022BADA837498A501DAC94414EE2B9A59724C7ADC656EDEA6FC8EAA060981B29ACFB92BC4BBFD358CAA6F379EB6C1B89510F2062E53B96A23888656
                                                    Malicious:false
                                                    Preview:BSCAL.......................7...............L....e...T........s....,"......./+........8........?..8....JH.......ZP.......P\.......~f.......wo..K.....z...............h........D...h.............g...U*................:......................'...:....a...)........ ..... ........+..X.....5........<.......JF........N........X....... `........k..e....Fv........|................n...a............[...W.................................j........n.........a....W...........n..........................e........).....&..w.....1..0...DSCAL...........F.....................P.^.C...Cj.;.K..S...n..g>.7.....&....."o.6Zn...s.C...#.C.g.....F.l..!....k9..X..A...SA.....hM...3..B1j@.]+...Q..M.?.S...[ .........0....0........USA.Craft Edge.Geography..........;.....;....`...............................DSCAL..............................J.T.R=k.x..&.....B....#.Y#.M....zY.o-.8s.iq.1 .Sc..h...:.i+.0_.Gh.{..N/......k%...G&..M.?.1R..W2ij..s......jx9..z5d..=4...A.P.H.........4....4...[....Alabama.Craft Edg
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):96301
                                                    Entropy (8bit):7.809129886497833
                                                    Encrypted:false
                                                    SSDEEP:1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm
                                                    MD5:E82C623CE1F741A9F4FDE9DC43F23630
                                                    SHA1:C2E84F76BFC81C1789AE7BB6AEE197E186774697
                                                    SHA-256:05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00
                                                    SHA-512:6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109
                                                    Malicious:false
                                                    Preview:BSCAL.......................................1........K....A!........1........@........O.......H`..?.....o...........d....p...........|....k.... ........>....,........L.......Ig......DSCAL...............................x..SA.{..s.g......9g]5.jB.HY.CslP...?.g(.. S/..K9#.....w\S..$M|vX.zKw/.Fl.`.`.c_=..q.......|.^a...kEX<....=..H!..t.....+.W...........2....2........Weather.Craft Edge.Weather..........;.....;....`...............................DSCAL...............................$...s....o..IsD.).8.$.LD&.,.').....,..,.x........J......I[...P..\.q...K:.}Y....... v%........*..?.n.\........L.g..2c..........1....1...C....Bolt 2.Craft Edge.Weather..........;.....;.$..`.........Bolt 2.d.d......PNG........IHDR...d...d.....p.T....bKGD.............CIDATx..{PT...(.{..q`.].EY....-...F.........Tk........F.m2...P.....'"7Q...H...#..6....\....F.\v...U>3........<..s.s.N$.>.~R.p.RRRD[V..N0..:u2...p...Q..'.....1e.D|.m*.m{.^^^.,.o..0yyy.={...+1v.(.>..prr.e.}=.'|..1L...E.*..
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 670.488708
                                                    Category:dropped
                                                    Size (bytes):77426
                                                    Entropy (8bit):7.644517291394499
                                                    Encrypted:false
                                                    SSDEEP:1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a
                                                    MD5:39DC4CE3E509EE530E2EC97E03E227D6
                                                    SHA1:E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1
                                                    SHA-256:5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973
                                                    SHA-512:39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8
                                                    Malicious:false
                                                    Preview:BSCAL.....................p..................!...`#..[.....1... ...yR.......Ya.......0{..........|....j.... ........ .......&....B...07..DSCAL.................................QqI.;.`.....h...'I.T.C.:...L.;..F..U......k=R.iW...O.!..YY.P.0..p..c.........P...z..BWn ..q..{V....m....q%.I....?...C...........7....7........Winter.Craft Edge.Miscellaneous..........;.....;....`...............................DSCAL..............................,..)K.9......Z..3..-.R(.>..dq.............|n=r]M?.O!v...2..4.A..$...<'j...U..N.Wlm0.d...m..Z.B<?.f..GD,I..8*..S.........\.@rt..........@....@.... ...Gingerbread Man.Craft Edge.Miscellaneous..........;.....;."..`.e.......Gingerbread Man.d.d.H....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..y|.....3{%....IHB.H.g#..?.". ..V..?....Z.R<....`+"".....!}!^(.@...!!..9..v.....H......dwk}...\3..~..g.EQ.~.g.z...b.Z................ **...T........K.=.#.)++.w....O.=.GD.?a..z.....Zl...V..&...3u..n..w$$$x..\G...k..<..Br..I..H......\
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 670.488708
                                                    Category:dropped
                                                    Size (bytes):77426
                                                    Entropy (8bit):7.644517291394499
                                                    Encrypted:false
                                                    SSDEEP:1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a
                                                    MD5:39DC4CE3E509EE530E2EC97E03E227D6
                                                    SHA1:E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1
                                                    SHA-256:5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973
                                                    SHA-512:39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8
                                                    Malicious:false
                                                    Preview:BSCAL.....................p..................!...`#..[.....1... ...yR.......Ya.......0{..........|....j.... ........ .......&....B...07..DSCAL.................................QqI.;.`.....h...'I.T.C.:...L.;..F..U......k=R.iW...O.!..YY.P.0..p..c.........P...z..BWn ..q..{V....m....q%.I....?...C...........7....7........Winter.Craft Edge.Miscellaneous..........;.....;....`...............................DSCAL..............................,..)K.9......Z..3..-.R(.>..dq.............|n=r]M?.O!v...2..4.A..$...<'j...U..N.Wlm0.d...m..Z.B<?.f..GD,I..8*..S.........\.@rt..........@....@.... ...Gingerbread Man.Craft Edge.Miscellaneous..........;.....;."..`.e.......Gingerbread Man.d.d.H....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..y|.....3{%....IHB.H.g#..?.". ..V..?....Z.R<....`+"".....!}!^(.@...!!..9..v.....H......dwk}...\3..~..g.EQ.~.g.z...b.Z................ **...T........K.=.#.)++.w....O.=.GD.?a..z.....Zl...V..&...3u..n..w$$$x..\G...k..<..Br..I..H......\
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):66594
                                                    Entropy (8bit):7.800838697373916
                                                    Encrypted:false
                                                    SSDEEP:1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl
                                                    MD5:DE2D8D73F85285535A13F89B0F904847
                                                    SHA1:A4A42EB9FA7F9C8A51CD24560D999163DEE57290
                                                    SHA-256:306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B
                                                    SHA-512:CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29
                                                    Malicious:false
                                                    Preview:BSCAL.....................y...............................>!..M.....-..&.....I..).....Z........y..H......................}.........................DSCAL..............................4..a.A...;..l..0=a..S^[{.. ....D.2R..[N.HFm.qA%.D1E..<..~....i...e....R....O...`@...{P.....PAn|...J.......'I.4|0.....]H..I!D..........................Game.Craft Edge.Shapes..........9.....9....`...............................DSCAL....................................V.%....w$..g.....n..p.~......5W...Wi;..O.-.T..6T.,...(*..........*.......l<|....<...A.F_......`..).v.;....:.Q.........................Club.Craft Edge.Shapes..........9.....9.7..`.........Club.d.d......PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{....?.......rY..0.PX..X.07...\.r..Fc.. .0.$>....ZIU....h..(r....-., ..B..X.X.1;....ced....L...g.t......9.....;..y..(..|7..466r..a..9..'.4..02....X,.......`.aD".<..g.. ..g...x..j.ne....E$.A.$<...<...q\$ID.....$Ix..e.$.I..(..g.iL.<........|.....q...x..
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211380
                                                    Entropy (8bit):7.37236649718158
                                                    Encrypted:false
                                                    SSDEEP:3072:IOT3BfdrN6I+0ZQ/yYLtpAYVZy72KKkhaQ3iBbuRb4yVgwNefQd2Flx4wL0wT:1RFrN6I+02yf2KkJBOb4yVlefQ2FnT
                                                    MD5:5D5EAAC4FAA75CB7478198FEC28895CC
                                                    SHA1:D7FC225DE85266FACABF314B166C957FF35EB122
                                                    SHA-256:032B715FDE24B59BE882D379968C681AF09F0B15E9F42A9C55B8A668D78A36C7
                                                    SHA-512:DA90291D9022BADA837498A501DAC94414EE2B9A59724C7ADC656EDEA6FC8EAA060981B29ACFB92BC4BBFD358CAA6F379EB6C1B89510F2062E53B96A23888656
                                                    Malicious:false
                                                    Preview:BSCAL.......................7...............L....e...T........s....,"......./+........8........?..8....JH.......ZP.......P\.......~f.......wo..K.....z...............h........D...h.............g...U*................:......................'...:....a...)........ ..... ........+..X.....5........<.......JF........N........X....... `........k..e....Fv........|................n...a............[...W.................................j........n.........a....W...........n..........................e........).....&..w.....1..0...DSCAL...........F.....................P.^.C...Cj.;.K..S...n..g>.7.....&....."o.6Zn...s.C...#.C.g.....F.l..!....k9..X..A...SA.....hM...3..B1j@.]+...Q..M.?.S...[ .........0....0........USA.Craft Edge.Geography..........;.....;....`...............................DSCAL..............................J.T.R=k.x..&.....B....#.Y#.M....zY.o-.8s.iq.1 .Sc..h...:.i+.0_.Gh.{..N/......k%...G&..M.?.1R..W2ij..s......jx9..z5d..=4...A.P.H.........4....4...[....Alabama.Craft Edg
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):76044
                                                    Entropy (8bit):7.781593198930996
                                                    Encrypted:false
                                                    SSDEEP:1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf
                                                    MD5:FA20A58E0C27D4DED87150AADDBB2556
                                                    SHA1:74CF094D22A5806FD0DF01701851309CA3D3F263
                                                    SHA-256:A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75
                                                    SHA-512:3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD
                                                    Malicious:false
                                                    Preview:BSCAL............................................l........"#........;.......iY........h..b....gz...........S....r...'.............p........=...^.............D...N........z...DSCAL..............................{.I..T.......\..?....;....X.+$g.=.7|5..G.N..X....v.eo.@.[...9.*>E.Y{..}[......w!j+..vy.8.p...w..&......I..B..s.W..\.G..f........../..../........Newborn.Craft Edge.Baby..........:.....:@...`...............................DSCAL..............................}.r..@.1.R...1H...Ul.A.k......~...l.[.J:E.X.".d(6J.*.....r..P....X.....I.j,.72Gcd$......>Xd.y,.[.e..zP`..$I......g5x..MhG.........................Bottle.Craft Edge.Baby..........:.....:. ..`.g.......Bottle.d.d.S....PNG........IHDR...d...d.....p.T....bKGD..............IDATx...Kh.k...'1*..I.1......QIM.X.."n,...*...U(RQhA..........Ru./XKI..N5.....g!...j&.s.~.N2....\.!.""..G....d2x....`.m.a..*..=@%..;.......btt....8~...*C.u..Mjmm....o?......&.u...*.. .iR4.......d(.......|.z..%. ....(.J..^.ze.X.p
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale -20926-24706, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 500970464867410926013250174713856.000000
                                                    Category:dropped
                                                    Size (bytes):56822
                                                    Entropy (8bit):7.651463699422176
                                                    Encrypted:false
                                                    SSDEEP:768:1ro+zsC5ugrZR+LeBc+m5IShs7ohcTvNg2xhMNdZ/aDIg2fbGw:pugrb+LeGvNukcTlg20V/anS1
                                                    MD5:1FF0C9489E836499DB1ED7B3417BA478
                                                    SHA1:750206AB4FBD34B17205ADF33710F91140323915
                                                    SHA-256:74A96CB715FB81EB958BE3DFB60AF0C716D6CB0EF7DD1F5217CD15594DC3F39E
                                                    SHA-512:7EDE209919E3ECF80C47EBEC43207195AAC41C71F4C8398115AF2807EF07043A984086251C0A683A3F5F60AF51304D3559F9CC5385CE782FF5F6FA28B34F40B2
                                                    Malicious:false
                                                    Preview:BSCAL..............................D........................................."..+.....(........2..h....!?........N........Z..~....Vh..).....s.......L~..I.............a.........................DSCAL..........................@...yq..33....^m...n-.C0O.i.!w.2G.,.".).22..J.......F.b.So.X.D..U0.....{...~..T7..... ..t...$......$j.9"..n..g....I....*O,y.*..]..S..S,._.d......=>}.....w.k.O#...........F....F........Tags, Signs & Banners.Craft Edge.Miscellaneous.....................`...............................DSCAL...........?..............@...a..n33....^m...n-.C0O.i.!w.2G.,.".).22..\...N.Q.T..RtO.7c.R..e.Wu..i.%..h=...].L..i.M...g.....x.*b..O.2...A...eK......a=}...M...f.S..rZ.z'.cL._...;.Z....FK?gbP..x..........6....6........Tag 1.Craft Edge.Miscellaneous................."...`.........Tag 1.d.d......PNG........IHDR...d...d.............bKGD..............IDATx...MH*k...F....>.$(.h.JD.M..mZE......h!.H.......EB.%.-...QD.@.h....3w....9..<......a..._CAC.............Y..F.,.....4]V
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):132558
                                                    Entropy (8bit):7.669771822889911
                                                    Encrypted:false
                                                    SSDEEP:3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf
                                                    MD5:E6497DA72921573C22D29C664B5C1EAA
                                                    SHA1:5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8
                                                    SHA-256:17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59
                                                    SHA-512:1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562
                                                    Malicious:false
                                                    Preview:BSCAL.......................................f....h........3...a.....2.......}F..f.....T........f..X....)t....................*.......S........L....8...Y!........'....8..h$....]........r.......u...#........_........x....o........Q...V........'...DSCAL.................................6.I6{..tr....W....zY..2y..?>..4.....'...o.h.]..:....)f..c>t.<.....]..M..H..R...\..S?P..[....u.~..+ ..B.HR.....N....@..U.i..........0....0........Swirls.Craft Edge.Shapes..........:.....:.6..`...............................DSCAL..............................ix.0.X]..Sv..5....k.#.m|i.7..9.@q...:..``.=...p...0..8....n.q...@..cTgu...q_&...ib.q..O~\...S..........[a/S.E."...B\.....N............7....7...r....Flourish Sm 1.Craft Edge.Shapes..........:.....:....`.Q.......Flourish Sm 1.d.d.6....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..MHT]....C..VcX.Z...A.$..."k....A.B...}P.F...X$4ML..I..h..?.0....%3S.?...y..s.:....}.....s...?.8..9.suDD..0,....5.......W...#.(.B..p8(**.....{..
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):543833
                                                    Entropy (8bit):7.50496335178111
                                                    Encrypted:false
                                                    SSDEEP:6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67
                                                    MD5:7D692438B7E70DE932BC386A3D44D319
                                                    SHA1:5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F
                                                    SHA-256:05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586
                                                    SHA-512:1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D
                                                    Malicious:false
                                                    Preview:BSCAL.......................4......D....6........'...j0....H..b........x....k........T...G%....9..}0....j...........]....r...N..................2...x...#............./...:9...iJ...F............k........d...z................-.................d...."............S....%...........................)..=.....7........B..@.....]........o..E....;....A...+...09...[....2..../..y....];........J.......WX........e........r......._...2........L........'.......=k....<..o^........Q.......<........A........r..DSCAL........@a"-..............@......v33....^m...n-.C0O.i.!w.2G.,.".).22.....N%....;.b7.P....G...1.u...iD..........A...[ys.@..zX.m.j.Y~....y...K<....n.l.......L...P..=......@...@.A4...t.@"..*z..........F....F........Createinspain Designs.Craft Edge.Miscellaneous..........4.....4....`...............................DSCAL..........................@.....r33....^m...n-.C0O.i.!w.2G.,.".).22.,"...~u..@....7.p.m.Q.&?@..d.>........ <"..-.`2@...aM.....+,..<........Sm.9....C.O.5p.Q..c....*
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):96301
                                                    Entropy (8bit):7.809129886497833
                                                    Encrypted:false
                                                    SSDEEP:1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm
                                                    MD5:E82C623CE1F741A9F4FDE9DC43F23630
                                                    SHA1:C2E84F76BFC81C1789AE7BB6AEE197E186774697
                                                    SHA-256:05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00
                                                    SHA-512:6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109
                                                    Malicious:false
                                                    Preview:BSCAL.......................................1........K....A!........1........@........O.......H`..?.....o...........d....p...........|....k.... ........>....,........L.......Ig......DSCAL...............................x..SA.{..s.g......9g]5.jB.HY.CslP...?.g(.. S/..K9#.....w\S..$M|vX.zKw/.Fl.`.`.c_=..q.......|.^a...kEX<....=..H!..t.....+.W...........2....2........Weather.Craft Edge.Weather..........;.....;....`...............................DSCAL...............................$...s....o..IsD.).8.$.LD&.,.').....,..,.x........J......I[...P..\.q...K:.}Y....... v%........*..?.n.\........L.g..2c..........1....1...C....Bolt 2.Craft Edge.Weather..........;.....;.$..`.........Bolt 2.d.d......PNG........IHDR...d...d.....p.T....bKGD.............CIDATx..{PT...(.{..q`.].EY....-...F.........Tk........F.m2...P.....'"7Q...H...#..6....\....F.\v...U>3........<..s.s.N$.>.~R.p.RRRD[V..N0..:u2...p...Q..'.....1e.D|.m*.m{.^^^.,.o..0yyy.={...+1v.(.>..prr.e.}=.'|..1L...E.*..
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):81816
                                                    Entropy (8bit):7.707519991934002
                                                    Encrypted:false
                                                    SSDEEP:1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ
                                                    MD5:4C1F9B5ECF86DC7B839BF5D8F3ADFDC0
                                                    SHA1:CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC
                                                    SHA-256:F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9
                                                    SHA-512:C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB
                                                    Malicious:false
                                                    Preview:BSCAL.....................y.................#..............%..F.....D...(....m................X...x........q....A...`..................%...H...P$..DSCAL.................................`..xG{0.G.N.X..)_...j.QW...K. t.{.L..!'.%=.....I..bE..|&..N2..!..s..c..x6..../D..c.=FEY....J..7.V.Q...>j..:.B......5....p.........................Fall.Craft Edge.Shapes..........9.....9!...`...............................DSCAL.................................l.........H.ES..5.....P.Qo{.=...T...*-.\X.h.5|S9.<...frt..N.k.n.-.2...-.,...M......!.B{.`n...~O.d..l.5......f.V..4BZ. ............/..../...7....Acorn.Craft Edge.Shapes..........9.....9....`.v.......Acorn.d.d.c....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{|S...I.$M....By....E(.D...Zqt....yl...{.P.|.6...G......+.V@..@'..h...B.i.4..q...!V..7.....49.{.o...{.2A........@._G...H..'.i.............].kF....W......@.dP...=QT..<8y.o.."..&.^Haa!3.N"g......w{..mJJ.."%%%h..V....g.sS...d.D...t..j.S1..k!UUU...'..7?.F
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):595545
                                                    Entropy (8bit):7.0713050562667386
                                                    Encrypted:false
                                                    SSDEEP:12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl
                                                    MD5:3695D419AA9C7B11C464BE2A58A40530
                                                    SHA1:C73513DF0555DB421EF81EF436136E53CCF4EE11
                                                    SHA-256:0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD
                                                    SHA-512:54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59
                                                    Malicious:false
                                                    Preview:BSCAL.......................2......H....(...........w....r...&?........E...cI...2....|...D........!................."....#...)....M...2............c....-........"........X...JW...*.......4........+........n...BQ..."....s...5...U...5/........@...8....M....f...2.......d*...a........1....+...3...j'....D...,...Kq.../...(....!.......b....H...~.........-...u<.......{R..r.....j..@....-....B........*......../...."..\$....G........`..].....y...(.......5............k... "...........DSCAL..........................@......d33....^m...n-.C0O.i.!w.2G.,.".).22...S...V.P...~).......PJ...._..q..7.4..l...}.........^M.rY......".L..+...|.X.....)...i..B...+~i..s.82.X........x.9..(M..L.........J....J........MichelleMyBelle Creations.Craft Edge.Miscellaneous..........;.....;B...`...............................DSCAL..........................@...c..#33....^m...n-.C0O.i.!w.2G.,.".).22.F..`m`..XJh9u..pFdCp%.R..9z.n...Qe.. 3.{,"....,`.9.+.5.D........vr..72#..s.U.y"[.6...h.3M. 2O..x.f.Ah.`.L.9...
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):92038
                                                    Entropy (8bit):7.7200406826946235
                                                    Encrypted:false
                                                    SSDEEP:1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM
                                                    MD5:E98226F38153CFBF93BF77744E364434
                                                    SHA1:6E613678B12144ADAA5ADCC18AA40965EB903101
                                                    SHA-256:825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241
                                                    SHA-512:228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD
                                                    Malicious:false
                                                    Preview:BSCAL...................................................../+.......'G..\.....]..9.....s..~....:...^.........!.......X%.......7....4....!........?...qX......DSCAL..............................jy.l.j.;.\o..`P..a...c._.u.`....Gm2)T....^........$y..V............2....b&..?o....u.9...*.Zj.VT.J....h.C....!..B..jE..GP+.ewI.........0....0........Spring.Craft Edge.Shapes..........:.....:`c..`...............................DSCAL................................Q].........y....n%.3.Q.ky......{.`.P-P%.p..-TjNI..{-92...Y./.....N...!D...g....r.84X...M.....2h...b.^l.0P......}c...(...............7....7........3 Leaf Clover.Craft Edge.Shapes..........:.....:!T..`.f.......3 Leaf Clover.d.d.K....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..yX....?......3 ..z..j.".Rn.1-}.....Y.Y..R..-TvR,.5....4M%....f....I.......f.af...|}K...a.>.....}...|.^..I.A.h.o.6..-...A...A..yc;..7n.`.-l......^..dA......&..P....?0l.0.....e..4.N=''.7?x.C....-C.C..(@r+..(....k...S.23m&....34
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):132979
                                                    Entropy (8bit):7.662743912764236
                                                    Encrypted:false
                                                    SSDEEP:3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6
                                                    MD5:F88752DB58C53A82F2DCD5D11F8233AB
                                                    SHA1:6D41999B017AD74783339AD00E03811F48A60E97
                                                    SHA-256:8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD
                                                    SHA-512:86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):44241
                                                    Entropy (8bit):7.747233988337866
                                                    Encrypted:false
                                                    SSDEEP:768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6
                                                    MD5:561A63F0CD4A70F3134143A5E266E58D
                                                    SHA1:18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C
                                                    SHA-256:7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769
                                                    SHA-512:52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):59279
                                                    Entropy (8bit):7.723890349807642
                                                    Encrypted:false
                                                    SSDEEP:1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g
                                                    MD5:A667A4635760A604F5E90455657DF9BA
                                                    SHA1:3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F
                                                    SHA-256:196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152
                                                    SHA-512:3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):114158
                                                    Entropy (8bit):7.754245071397085
                                                    Encrypted:false
                                                    SSDEEP:3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju
                                                    MD5:1092617765A52BADA8A812FEA901B137
                                                    SHA1:31DAA90CFE29AFA8E3FAAA10C049B45834833308
                                                    SHA-256:88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393
                                                    SHA-512:37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):56223
                                                    Entropy (8bit):7.675938408908281
                                                    Encrypted:false
                                                    SSDEEP:1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB
                                                    MD5:619CA288DE840F0BEC52218DB7F2036C
                                                    SHA1:D1D5389AAE91284734F4940BD8319CFA2BC40A0D
                                                    SHA-256:C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966
                                                    SHA-512:4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):64537
                                                    Entropy (8bit):7.783531894467484
                                                    Encrypted:false
                                                    SSDEEP:1536:mY9p0pAuZhUVKdEmHZt/YPBkBbnFeAHiix8qwQ1tTepK:m1EVmT/YpMT8qwQoK
                                                    MD5:B877B821FAA0514BE7D67132C026D97B
                                                    SHA1:B634758494358A2951799BDCDAA664271DFAD248
                                                    SHA-256:32BC4297D594164F7BE3753FE2328132B0562C81C5EA18AC97831AE10C707F1B
                                                    SHA-512:FD47CD1C73A83DAC589EE449D28BAC8E6AFE4D74BFBC077D670BF57A7BF141B7865BDE1F0C5179A7BC9569917ACD9967C6D173B7967442648E104F420C7A921F
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1142272
                                                    Entropy (8bit):6.575328533778386
                                                    Encrypted:false
                                                    SSDEEP:24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U
                                                    MD5:21CF2233F94BF81E22737E2CAE984FD1
                                                    SHA1:428951E7391B7CFCA62624C11E24B361CAD9D2E0
                                                    SHA-256:FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366
                                                    SHA-512:F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: file.exe, Detection: malicious
                                                    • Filename: gxjIKuKnu7.exe, Detection: malicious
                                                    • Filename: NBoJCkvcb1.exe, Detection: malicious
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:modified
                                                    Size (bytes):3698688
                                                    Entropy (8bit):6.580367741040878
                                                    Encrypted:false
                                                    SSDEEP:49152:0nbWWMORoxCgL/hEYqncOW+F+wKbyUYa6Ql0G3bk7jsIJNU:cCB/hEYqncOW+F+WhvPnJN
                                                    MD5:19F9733DCD58AFF930F87ACDAF4A09FB
                                                    SHA1:4076EABD809CA63AB6619A9D85C8F5D686F89728
                                                    SHA-256:EF9C847985C1588A5D5F85ECAFDACE935D98C10AC9411E5C7040A7900A95FC43
                                                    SHA-512:92BFC472EF3A965F6993163AA32E14273DE23061BED77125BD6D165A42FE39C83E2E07D33B86AD68F9893A0C347CAC7F063E667440422CC2E94EA45750ADECA8
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1305600
                                                    Entropy (8bit):6.804982979697153
                                                    Encrypted:false
                                                    SSDEEP:24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad
                                                    MD5:6330B1294C40518F7C6363F97338A0A9
                                                    SHA1:350E07281719E55659F74884387FA072C0D53F52
                                                    SHA-256:4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86
                                                    SHA-512:97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):348160
                                                    Entropy (8bit):6.542655141037356
                                                    Encrypted:false
                                                    SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                    MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                    SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                    SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                    SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):3698688
                                                    Entropy (8bit):6.580367580387556
                                                    Encrypted:false
                                                    SSDEEP:49152:FnbWWMORoxCgL/hEYqncOW+F+wKbyUYa6Ql0G3bk7jsIJNU:tCB/hEYqncOW+F+WhvPnJN
                                                    MD5:9A8BF073B7F2EDCEB1B138E71650DDA2
                                                    SHA1:0F1609BE226EAE061AE87C441B06579D93D0FD25
                                                    SHA-256:36B98F0F8A6EDE516E7F1961B8488251FACFD91EF0DCC828E668D682B4328F9F
                                                    SHA-512:9A456E614D6B514115B02BD8B2E51A84F1597D84C77F3138F1876880974CFAD0A3FC577C3CCBDE8696BF1047C88436CC03A8DFF14E7C0BE1DC0CA8EB7E270E22
                                                    Malicious:false
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1142272
                                                    Entropy (8bit):6.575328533778386
                                                    Encrypted:false
                                                    SSDEEP:24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U
                                                    MD5:21CF2233F94BF81E22737E2CAE984FD1
                                                    SHA1:428951E7391B7CFCA62624C11E24B361CAD9D2E0
                                                    SHA-256:FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366
                                                    SHA-512:F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1305600
                                                    Entropy (8bit):6.804982979697153
                                                    Encrypted:false
                                                    SSDEEP:24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad
                                                    MD5:6330B1294C40518F7C6363F97338A0A9
                                                    SHA1:350E07281719E55659F74884387FA072C0D53F52
                                                    SHA-256:4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86
                                                    SHA-512:97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):15864
                                                    Entropy (8bit):5.446150628226878
                                                    Encrypted:false
                                                    SSDEEP:384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08
                                                    MD5:43F2BC6828B177477C2F98B8973460E8
                                                    SHA1:F0A3C975346AF66A843E8B49574DC9083CD32E02
                                                    SHA-256:3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D
                                                    SHA-512:2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):499712
                                                    Entropy (8bit):6.414789978441117
                                                    Encrypted:false
                                                    SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                    MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                    SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                    SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                    SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):499712
                                                    Entropy (8bit):6.414789978441117
                                                    Encrypted:false
                                                    SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                    MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                    SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                    SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                    SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):348160
                                                    Entropy (8bit):6.542655141037356
                                                    Encrypted:false
                                                    SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                    MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                    SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                    SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                    SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2555217
                                                    Entropy (8bit):6.364161494552352
                                                    Encrypted:false
                                                    SSDEEP:49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598j:gFGTv1QtGxHZabt
                                                    MD5:0F299B44F450181D8B1B058637377507
                                                    SHA1:11CE62C7229B835C838167D8E0F2D9F41B54ADAE
                                                    SHA-256:7AC7A7FC3F6092670D8B6AD1AF251EF5D03335D57774E6B084ECCF28BBD680F7
                                                    SHA-512:FA664090B54FE4BBF139A3CCFCF1CB62027A683A8C008161827EDB292BFF252916112E73298A8D9A7176789404B08292ABA539265B98D8F0E130E794EDE49741
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:InnoSetup Log Avidenta, version 0x418, 9235 bytes, 528110\37\user\376, C:\Users\user\AppData\Local\Avidenta 2.7.
                                                    Category:dropped
                                                    Size (bytes):9235
                                                    Entropy (8bit):3.849453080959928
                                                    Encrypted:false
                                                    SSDEEP:96:+O1qWm8OpYCntcTBf9JXzgYl0J76CRbcuJlED7MZAe2LH3RhE7DjM83UKqm2RetG:t1qWmzpYg8XKJ7rbP4DumHhY+JHv
                                                    MD5:A16E003B935B7C1C048EAAAC1E643AD6
                                                    SHA1:E69E5118FBB1F9CAE30FB158A2AE2103385E480C
                                                    SHA-256:A4A0AFD3E2A72CD3D24E228F5A81044A02A39E6B22046C3BCAD4D966149A977A
                                                    SHA-512:9AC673BD57D139302BBFAE9D6EA81F37C143F5B48D7C945DDF3A27374F45DC16B12373F3480C8EC32BB1F711C6C7FF51B581CE1DCF58059BF873C827005A67C8
                                                    Malicious:false
                                                    Preview:Inno Setup Uninstall Log (b)....................................Avidenta........................................................................................................................Avidenta.................................................................................................................................$..!.............................................................................................................................,................5.2.8.1.1.0......j.o.n.e.s......C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.A.v.i.d.e.n.t.a. .2...7...7....................W.. ..............IFPS....$........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TPASSWORDEDIT....TPASSWORDEDIT.....
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2555217
                                                    Entropy (8bit):6.364161494552352
                                                    Encrypted:false
                                                    SSDEEP:49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598j:gFGTv1QtGxHZabt
                                                    MD5:0F299B44F450181D8B1B058637377507
                                                    SHA1:11CE62C7229B835C838167D8E0F2D9F41B54ADAE
                                                    SHA-256:7AC7A7FC3F6092670D8B6AD1AF251EF5D03335D57774E6B084ECCF28BBD680F7
                                                    SHA-512:FA664090B54FE4BBF139A3CCFCF1CB62027A683A8C008161827EDB292BFF252916112E73298A8D9A7176789404B08292ABA539265B98D8F0E130E794EDE49741
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2560
                                                    Entropy (8bit):2.8818118453929262
                                                    Encrypted:false
                                                    SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                    MD5:A69559718AB506675E907FE49DEB71E9
                                                    SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                    SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                    SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):6144
                                                    Entropy (8bit):4.720366600008286
                                                    Encrypted:false
                                                    SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                    MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                    SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                    SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                    SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Users\user\Desktop\file.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2532352
                                                    Entropy (8bit):6.380212187829063
                                                    Encrypted:false
                                                    SSDEEP:49152:IdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o8598:IFGTv1QtGxHZab
                                                    MD5:438F4076E92D3C839405BAB4652FE2CE
                                                    SHA1:046567CF90B9E87F4B3913030E1ACFC0A4341279
                                                    SHA-256:AD1772BD4F07C11A626DE2F257D2CC44B63FF9150BE9386512840A2381E97B7E
                                                    SHA-512:44985FE1773CC9D1A4EE5ED0E5BCAC058C0CD064D3A1E782D9C424EFEB89185528E19A177ECFAFA173B76B049301D5FF95DAFC0B36715A0847EEC3F6B4E1506B
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................
                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                    Entropy (8bit):7.942413186072027
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 98.04%
                                                    • Inno Setup installer (109748/4) 1.08%
                                                    • InstallShield setup (43055/19) 0.42%
                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                    File name:file.exe
                                                    File size:5'964'353 bytes
                                                    MD5:a77b03795fd546e1ce17a89770416e0a
                                                    SHA1:6473da89e95a6750dfec775ec1805ec025b62ab5
                                                    SHA256:47a3a02bf52254b5776960a68c2f17aa773cb66072843638b19cb582e6ef8409
                                                    SHA512:b9ed6b713e84f78340ea76af9da0a987caa3cd67e58c071ff9f0c79d84e96996a37a3f6437a70eadedf6674e3e9f3d99a21eda71f5607f9dd833c3d937b480aa
                                                    SSDEEP:98304:PX41O2pXtg27SK59Ej2oVmV1J7bXc012r+z0nP7qT6D07uyazx11:viXu2159Ej2oUVf4r+AnP2TeyaR
                                                    TLSH:0E562227B298653EC4AE27354673A05068FBB76DE417BE1676E0C4CCCF260C11E3EA65
                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                    Icon Hash:2d2e3797b32b2b99
                                                    Entrypoint:0x4a7ed0
                                                    Entrypoint Section:.itext
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x5CC41133 [Sat Apr 27 08:22:11 2019 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:6
                                                    OS Version Minor:0
                                                    File Version Major:6
                                                    File Version Minor:0
                                                    Subsystem Version Major:6
                                                    Subsystem Version Minor:0
                                                    Import Hash:eb5bc6ff6263b364dfbfb78bdb48ed59
                                                    Instruction
                                                    push ebp
                                                    mov ebp, esp
                                                    add esp, FFFFFFA4h
                                                    push ebx
                                                    push esi
                                                    push edi
                                                    xor eax, eax
                                                    mov dword ptr [ebp-3Ch], eax
                                                    mov dword ptr [ebp-40h], eax
                                                    mov dword ptr [ebp-5Ch], eax
                                                    mov dword ptr [ebp-30h], eax
                                                    mov dword ptr [ebp-38h], eax
                                                    mov dword ptr [ebp-34h], eax
                                                    mov dword ptr [ebp-2Ch], eax
                                                    mov dword ptr [ebp-28h], eax
                                                    mov dword ptr [ebp-14h], eax
                                                    mov eax, 004A2BC0h
                                                    call 00007FF49059465Dh
                                                    xor eax, eax
                                                    push ebp
                                                    push 004A85C2h
                                                    push dword ptr fs:[eax]
                                                    mov dword ptr fs:[eax], esp
                                                    xor edx, edx
                                                    push ebp
                                                    push 004A857Eh
                                                    push dword ptr fs:[edx]
                                                    mov dword ptr fs:[edx], esp
                                                    mov eax, dword ptr [004B0634h]
                                                    call 00007FF490628757h
                                                    call 00007FF4906282AEh
                                                    lea edx, dword ptr [ebp-14h]
                                                    xor eax, eax
                                                    call 00007FF4905A9C88h
                                                    mov edx, dword ptr [ebp-14h]
                                                    mov eax, 004B3708h
                                                    call 00007FF49058EEE7h
                                                    push 00000002h
                                                    push 00000000h
                                                    push 00000001h
                                                    mov ecx, dword ptr [004B3708h]
                                                    mov dl, 01h
                                                    mov eax, dword ptr [00423698h]
                                                    call 00007FF4905AACEFh
                                                    mov dword ptr [004B370Ch], eax
                                                    xor edx, edx
                                                    push ebp
                                                    push 004A852Ah
                                                    push dword ptr fs:[edx]
                                                    mov dword ptr fs:[edx], esp
                                                    call 00007FF4906287DFh
                                                    mov dword ptr [004B3714h], eax
                                                    mov eax, dword ptr [004B3714h]
                                                    cmp dword ptr [eax+0Ch], 01h
                                                    jne 00007FF49062F09Ah
                                                    mov eax, dword ptr [004B3714h]
                                                    mov edx, 00000028h
                                                    call 00007FF4905AB5E4h
                                                    mov edx, dword ptr [004B3714h]
                                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0xb6000          0x9a          .edata
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0xb4000          0xf1c         .idata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0xb9000          0x4600        .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS             0xb8000          0x18          .rdata
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT             0xb42e0          0x240         .idata
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0xb5000          0x1a4         .didata
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                    Name     Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
                                                    .text    0x1000           0xa50e0       0xa5200   d2d65fadb7b1be676e1248ab404382da  False     0.3560172809424678   data       6.368250598681687   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .itext   0xa7000          0x1668        0x1800    73e002411a8e0d309143a3e055e89568  False     0.5411783854166666   data       5.950488815097041   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .data    0xa9000          0x37a4        0x3800    43e7b93b56ed2b1f2c341832da76e1f0  False     0.3604213169642857   data       5.027871318308703   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .bss     0xad000          0x676c        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .idata   0xb4000          0xf1c         0x1000    daddecfdccd86a491d85012d9e547c63  False     0.36474609375        data       4.791610915860562   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .didata  0xb5000          0x1a4         0x200     be0581a07bd7d21a29f93f8752d3e826  False     0.345703125          data       2.7458225536678693  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .edata   0xb6000          0x9a          0x200     57cd71ca96fdc064696777e5b35cf0bb  False     0.2578125            data       1.881069204504408   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .tls     0xb7000          0x18          0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rdata   0xb8000          0x5d          0x200     967e84eb6ac477621cd1643650d7bc91  False     0.189453125          data       1.3697437648744617  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .rsrc    0xb9000          0x4600        0x4600    fea5bb3fc2fa3b68503752c2bfab7c25  False     0.31986607142857143  data       4.434127232462732   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb94c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0xb95f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0xb9b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0xb9e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0xba6e8 | 0x360 | data | | | 0.34375
RT_STRING | 0xbaa48 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xbaca8 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xbb104 | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xbb510 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xbb7e4 | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xbb89c | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xbb938 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xbbcac | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xbc044 | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xbc3ac | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xbc650 | 0x10 | data | | | 1.5
RT_RCDATA | 0xbc660 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xbc924 | 0x2c | data | | | 1.1818181818181819
RT_GROUP_ICON | 0xbc950 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0xbc990 | 0x584 | data | English | United States | 0.24645892351274787
RT_MANIFEST | 0xbcf14 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x453abc
__dbk_fcall_wrapper | 2 | 0x40d3dc
dbkFCallWrapperAddr | 1 | 0x4b063c
Language of compilation system | Country where language is spoken | Map
Dutch | Netherlands |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 15, 2024 07:00:59.312336922 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:00:59.317687988 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:00:59.317790985 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:00:59.317913055 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:00:59.322866917 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:00.242629051 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:00.242697001 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.362348080 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.362828970 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.368228912 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:00.368273020 CET | 80 | 49736 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:00.368294954 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.368321896 CET | 49736 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.368493080 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:00.373567104 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:01.314703941 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:01.314768076 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:01.314795017 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:01.314836979 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:01.317828894 CET | 49745 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:01.322921038 CET | 2023 | 49745 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:01.323105097 CET | 49745 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:01.323105097 CET | 49745 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:01.328141928 CET | 2023 | 49745 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:01.328481913 CET | 49745 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:01.333365917 CET | 2023 | 49745 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:02.144404888 CET | 2023 | 49745 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:02.186367989 CET | 49745 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:04.158134937 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:04.163640022 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:04.515218973 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:04.515374899 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:04.626791954 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:04.631793976 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:04.941447020 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:04.941518068 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:04.941555977 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:04.941603899 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:04.942625046 CET | 49760 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:04.947671890 CET | 2023 | 49760 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:04.947751999 CET | 49760 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:04.947802067 CET | 49760 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:04.947844028 CET | 49760 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:04.952661991 CET | 2023 | 49760 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:04.994647026 CET | 2023 | 49760 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:05.064316988 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:05.064605951 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:05.069674015 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:05.069753885 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:05.069840908 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:05.070121050 CET | 80 | 49739 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:05.070177078 CET | 49739 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:05.074778080 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:05.566138029 CET | 2023 | 49760 | 89.105.201.183 | 192.168.2.4
Nov 15, 2024 07:01:05.566319942 CET | 49760 | 2023 | 192.168.2.4 | 89.105.201.183
Nov 15, 2024 07:01:05.993626118 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:05.993931055 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.112864971 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.113199949 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.118284941 CET | 80 | 49761 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:06.118330956 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:06.118359089 CET | 49761 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.118524075 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.118524075 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:06.123584032 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.032819986 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.033027887 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.143413067 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.148951054 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.453727961 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.453799009 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.564229965 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.569255114 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.866877079 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.867192984 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.986272097 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.986522913 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.991530895 CET | 80 | 49783 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.991609097 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.991682053 CET | 80 | 49772 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:07.991738081 CET | 49772 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.991812944 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:07.996685982 CET | 80 | 49783 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:08.917296886 CET | 80 | 49783 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:08.919409037 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.033260107 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.033623934 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.038644075 CET | 80 | 49789 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:09.038789988 CET | 80 | 49783 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:09.038885117 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.038887978 CET | 49783 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.039032936 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:09.044105053 CET | 80 | 49789 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:10.309726000 CET | 80 | 49789 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:10.309792995 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.425982952 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.426310062 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.431389093 CET | 80 | 49789 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:10.431425095 CET | 80 | 49799 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:10.431478024 CET | 49789 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.431533098 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.431725979 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:10.436583042 CET | 80 | 49799 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:11.385937929 CET | 80 | 49799 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:11.386140108 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.503607035 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.505141020 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.509059906 CET | 80 | 49799 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:11.509377003 CET | 49799 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.510227919 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:11.510488033 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.510534048 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:11.515409946 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.420936108 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.421186924 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.533380032 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.538548946 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.838709116 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.838984013 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.959889889 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.960243940 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.964962006 CET | 80 | 49805 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.965034962 CET | 80 | 49812 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:12.965042114 CET | 49805 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.965208054 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.965369940 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:12.970223904 CET | 80 | 49812 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:13.879401922 CET | 80 | 49812 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:13.879662037 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.006426096 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.006804943 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.011657953 CET | 80 | 49819 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:14.011759043 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.011883020 CET | 80 | 49812 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:14.011949062 CET | 49812 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.012077093 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:14.016835928 CET | 80 | 49819 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:14.942650080 CET | 80 | 49819 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:14.942791939 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.066843033 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.067136049 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.072091103 CET | 80 | 49819 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:15.072108030 CET | 80 | 49827 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:15.072171926 CET | 49819 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.072211981 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.072390079 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:15.077337980 CET | 80 | 49827 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:15.984363079 CET | 80 | 49827 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:15.984448910 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.115367889 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.115571976 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.120579004 CET | 80 | 49835 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:16.120646954 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.120791912 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.120800018 CET | 80 | 49827 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:16.120857000 CET | 49827 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:16.125580072 CET | 80 | 49835 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:17.033782005 CET | 80 | 49835 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:17.037400007 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.158149958 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.158550978 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.163477898 CET | 80 | 49835 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:17.163492918 CET | 80 | 49841 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:17.163569927 CET | 49835 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.163604021 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.163736105 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:17.168524027 CET | 80 | 49841 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:18.075282097 CET | 80 | 49841 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:18.075397968 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.189580917 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.189994097 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.194844007 CET | 80 | 49847 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:18.194876909 CET | 80 | 49841 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:18.194926977 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.194942951 CET | 49841 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.195103884 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:18.199868917 CET | 80 | 49847 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:19.116764069 CET | 80 | 49847 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:19.117047071 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.238012075 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.238430023 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.243659973 CET | 80 | 49847 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:19.243674040 CET | 80 | 49854 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:19.243705988 CET | 49847 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.243752956 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.243911028 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:19.248976946 CET | 80 | 49854 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:20.166889906 CET | 80 | 49854 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:20.167043924 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.284514904 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.284991980 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.289868116 CET | 80 | 49861 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:20.289942026 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.290060043 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.290066957 CET | 80 | 49854 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:20.290127039 CET | 49854 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:20.294857025 CET | 80 | 49861 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:21.204813957 CET | 80 | 49861 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:21.205064058 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.330341101 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.330610037 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.335664988 CET | 80 | 49869 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:21.336075068 CET | 80 | 49861 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:21.336163044 CET | 49861 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.336267948 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.336267948 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:21.341547012 CET | 80 | 49869 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:22.257719040 CET | 80 | 49869 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:22.257797003 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.378806114 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.378921032 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.384515047 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:22.384927988 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.385016918 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.386336088 CET | 80 | 49869 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:22.386769056 CET | 49869 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:22.390367985 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.297172070 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.297269106 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.407911062 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.413198948 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.710935116 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.711051941 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.829766035 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.830117941 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.835011005 CET | 80 | 49884 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.835086107 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.835129976 CET | 80 | 49876 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:23.835190058 CET | 49876 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.835205078 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:23.840156078 CET | 80 | 49884 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:25.783854961 CET | 80 | 49884 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:25.785357952 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.907879114 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.908407927 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.913058996 CET | 80 | 49884 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:25.913140059 CET | 49884 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.913275003 CET | 80 | 49896 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:25.913345098 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.913464069 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:25.918405056 CET | 80 | 49896 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:26.818639994 CET | 80 | 49896 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:26.821368933 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.954898119 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.955182076 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.959976912 CET | 80 | 49896 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:26.960011005 CET | 80 | 49901 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:26.960025072 CET | 49896 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.960077047 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.960268974 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:26.965065002 CET | 80 | 49901 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:27.885405064 CET | 80 | 49901 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:27.885554075 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.001272917 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.001583099 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.007453918 CET | 80 | 49901 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:28.007539034 CET | 49901 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.007570028 CET | 80 | 49908 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:28.007648945 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.007811069 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:28.012691975 CET | 80 | 49908 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:28.946594000 CET | 80 | 49908 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:28.946666956 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.068017006 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.068408966 CET | 49914 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.073378086 CET | 80 | 49914 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:29.073462009 CET | 49914 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.073620081 CET | 49914 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.073637009 CET | 80 | 49908 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:29.073709965 CET | 49908 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:29.078587055 CET | 80 | 49914 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:29.993195057 CET | 80 | 49914 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:29.993335009 CET | 49914 | 80 | 192.168.2.4 | 185.208.158.202
                                                    Nov 15, 2024 07:01:30.110718012 CET4991480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:30.110975027 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:30.115858078 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:30.115873098 CET8049914185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:30.115988970 CET4991480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:30.116003990 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:30.116169930 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:30.120901108 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.173060894 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.173329115 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.282895088 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.288429022 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.591784000 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.591943026 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.704857111 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.705142975 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.710372925 CET8049930185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.710488081 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.710573912 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.710674047 CET8049920185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:31.710844040 CET4992080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:31.715790033 CET8049930185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:32.622771978 CET8049930185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:32.622952938 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.736217022 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.736447096 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.741590977 CET8049936185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:32.741630077 CET8049930185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:32.741789103 CET4993080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.741800070 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.742006063 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:32.746933937 CET8049936185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:33.652002096 CET8049936185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:33.652087927 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.767190933 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.767447948 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.772356987 CET8049941185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:33.772583008 CET8049936185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:33.772666931 CET4993680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.772677898 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.772773027 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:33.777712107 CET8049941185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:34.699682951 CET8049941185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:34.699887037 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.816030025 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.816468000 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.821548939 CET8049941185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:34.821643114 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:34.821671963 CET4994180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.821741104 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.821856022 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:34.826725006 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:35.764760971 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:35.764849901 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:35.878752947 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:35.883862019 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:36.194041967 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:36.194262028 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.317948103 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.318301916 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.323447943 CET8049947185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:36.323468924 CET8049958185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:36.323522091 CET4994780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.323542118 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.323637962 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:36.328735113 CET8049958185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:37.246402025 CET8049958185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:37.246639013 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.363277912 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.363697052 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.368801117 CET8049964185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:37.368879080 CET8049958185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:37.368892908 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.368936062 CET4995880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.369119883 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:37.374259949 CET8049964185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:38.293673992 CET8049964185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:38.293787003 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.414902925 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.415225029 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.420325994 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:38.420387030 CET8049964185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:38.420480967 CET4996480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.420485973 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.420732021 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:38.425822020 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:39.346205950 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:39.346296072 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:39.455725908 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:39.460886002 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:39.764125109 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:39.764461040 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:39.878618956 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:39.884485960 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:40.192281961 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:40.192382097 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.314392090 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.314563036 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.319801092 CET8049984185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:40.319881916 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.319967985 CET8049970185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:40.320005894 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.320041895 CET4997080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:40.325614929 CET8049984185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:41.243911982 CET8049984185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:41.244018078 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.361191988 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.361459017 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.366460085 CET8049991185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:41.366547108 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.366641998 CET8049984185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:41.366698980 CET4998480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.366789103 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:41.371686935 CET8049991185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:42.289401054 CET8049991185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:42.289568901 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.408842087 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.409096003 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.414001942 CET8049998185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:42.414091110 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.414132118 CET8049991185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:42.414194107 CET4999180192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.414232016 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:42.419049025 CET8049998185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:43.319232941 CET8049998185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:43.319444895 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.439671040 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.440013885 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.445054054 CET8050004185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:43.445142984 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.445245028 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.445302963 CET8049998185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:43.445421934 CET4999880192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:43.450189114 CET8050004185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:44.356075048 CET8050004185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:44.356314898 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.514261961 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.514673948 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.519632101 CET8050010185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:44.519701004 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.520018101 CET8050004185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:44.520091057 CET5000480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.533196926 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:44.539000034 CET8050010185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:45.444763899 CET8050010185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:45.444829941 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.563982010 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.564330101 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.569509029 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:45.569547892 CET8050010185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:45.569612026 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.569626093 CET5001080192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.569770098 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:45.574712992 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:46.488028049 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:46.488109112 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:46.597596884 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:46.602790117 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:46.906776905 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:46.907018900 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.065088987 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.067169905 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.071209908 CET8050017185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:47.071362019 CET5001780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.072376966 CET8050027185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:47.072446108 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.074882984 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:47.079893112 CET8050027185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:47.988614082 CET8050027185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:47.989348888 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.110965014 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.111465931 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.116811037 CET8050033185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:48.116894960 CET8050027185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:48.117001057 CET5002780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.117243052 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.117243052 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:48.122212887 CET8050033185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:49.027813911 CET8050033185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:49.027877092 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.142940044 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.143403053 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.148164988 CET8050033185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:49.148225069 CET5003380192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.148320913 CET8050039185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:49.148386002 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.148497105 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:49.153386116 CET8050039185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:50.065282106 CET8050039185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:50.067439079 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.191400051 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.191859007 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.196585894 CET8050039185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:50.196749926 CET5003980192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.196875095 CET8050044185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:50.196963072 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.197166920 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:50.201992989 CET8050044185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:51.119915009 CET8050044185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:51.123441935 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.237987041 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.238265991 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.243887901 CET8050045185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:51.243930101 CET8050044185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:51.244453907 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.244453907 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.244468927 CET5004480192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:51.249958038 CET8050045185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:52.159041882 CET8050045185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:52.159315109 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.284784079 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.285137892 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.290792942 CET8050046185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:52.290883064 CET8050045185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:52.291078091 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.291258097 CET5004580192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.291364908 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:52.297018051 CET8050046185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:53.205014944 CET8050046185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:53.205251932 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.333064079 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.333796978 CET5004780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.338722944 CET8050046185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:53.338845015 CET8050047185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:53.338857889 CET5004680192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.338941097 CET5004780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.339104891 CET5004780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:53.343982935 CET8050047185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:54.251362085 CET8050047185.208.158.202192.168.2.4
                                                    Nov 15, 2024 07:01:54.251658916 CET5004780192.168.2.4185.208.158.202
                                                    Nov 15, 2024 07:01:54.360786915 CET5004780192.168.2.4185.208.158.202
Nov 15, 2024 07:01:54.366226912 CET | 80 | 50047 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:54.664494038 CET | 80 | 50047 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:54.664781094 CET | 50047 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.782644033 CET | 50047 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.782773972 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.788135052 CET | 80 | 50048 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:54.788223982 CET | 80 | 50047 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:54.788352013 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.788398981 CET | 50047 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.788441896 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:54.793868065 CET | 80 | 50048 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:55.709806919 CET | 80 | 50048 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:55.710035086 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.829802990 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.829952955 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.835015059 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:55.835098982 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.835232973 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.835268974 CET | 80 | 50048 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:55.835340977 CET | 50048 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:55.840236902 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:56.764612913 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:56.765028954 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:56.876621008 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:56.882117987 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:57.197213888 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:57.197323084 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.316751003 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.317044020 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.322242975 CET | 80 | 50050 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:57.322499037 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.322499037 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.322730064 CET | 80 | 50049 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:57.322904110 CET | 50049 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:57.329986095 CET | 80 | 50050 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:58.259193897 CET | 80 | 50050 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:58.259279013 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.378839016 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.379092932 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.384291887 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:58.384501934 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.384501934 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.388670921 CET | 80 | 50050 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:58.388828039 CET | 50050 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:58.389784098 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.297656059 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.297775984 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.409075022 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.414340973 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.712176085 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.712387085 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.829870939 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.830661058 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.835973978 CET | 80 | 50051 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.836065054 CET | 80 | 50052 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:01:59.836102009 CET | 50051 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.836146116 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.836256981 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:01:59.841787100 CET | 80 | 50052 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:00.762412071 CET | 80 | 50052 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:00.762607098 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.876707077 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.877021074 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.884413004 CET | 80 | 50052 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:00.884458065 CET | 80 | 50053 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:00.884592056 CET | 50052 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.884754896 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.884824991 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:00.892841101 CET | 80 | 50053 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:01.810648918 CET | 80 | 50053 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:01.810740948 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:01.988281965 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:01.988564968 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:01.993647099 CET | 80 | 50054 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:01.993733883 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:01.993936062 CET | 80 | 50053 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:01.994009018 CET | 50053 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:01.996484995 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:02.001828909 CET | 80 | 50054 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:02.934076071 CET | 80 | 50054 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:02.934207916 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.050251007 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.050522089 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.055526018 CET | 80 | 50055 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:03.055612087 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.055696011 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.055798054 CET | 80 | 50054 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:03.055855989 CET | 50054 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:03.060575962 CET | 80 | 50055 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:05.004724979 CET | 80 | 50055 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:05.004821062 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.129148960 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.129472017 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.134675980 CET | 80 | 50056 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:05.134715080 CET | 80 | 50055 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:05.134759903 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.134778023 CET | 50055 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.135001898 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:05.139936924 CET | 80 | 50056 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:06.055915117 CET | 80 | 50056 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:06.057442904 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.190936089 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.191370964 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.196516991 CET | 80 | 50057 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:06.196636915 CET | 80 | 50056 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:06.199418068 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.199419975 CET | 50056 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.199523926 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:06.204418898 CET | 80 | 50057 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:07.112466097 CET | 80 | 50057 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:07.112714052 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.226011038 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.226552010 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.231482029 CET | 80 | 50057 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:07.231532097 CET | 50057 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.232081890 CET | 80 | 50058 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:07.232146978 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.232342005 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:07.237153053 CET | 80 | 50058 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:08.162482023 CET | 80 | 50058 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:08.165550947 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.301651955 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.301872015 CET | 50059 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.306813002 CET | 80 | 50059 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:08.307053089 CET | 80 | 50058 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:08.307147026 CET | 50059 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.307158947 CET | 50058 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.307300091 CET | 50059 | 80 | 192.168.2.4 | 185.208.158.202
Nov 15, 2024 07:02:08.312135935 CET | 80 | 50059 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:09.228636026 CET | 80 | 50059 | 185.208.158.202 | 192.168.2.4
Nov 15, 2024 07:02:09.228737116 CET | 50059 | 80 | 192.168.2.4 | 185.208.158.202
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 15, 2024 07:00:59.216675997 CET | 64749 | 53 | 192.168.2.4 | 45.155.250.90
Nov 15, 2024 07:00:59.251557112 CET | 53 | 64749 | 45.155.250.90 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 15, 2024 07:00:59.216675997 CET | 192.168.2.4 | 45.155.250.90 | 0x26cf | Standard query (0) | bfpdiyt.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 15, 2024 07:00:59.251557112 CET | 45.155.250.90 | 192.168.2.4 | 0x26cf | No error (0) | bfpdiyt.com |  | 185.208.158.202 | A (IP address) | IN (0x0001) | false
• bfpdiyt.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:00:59.317913055 CET | 314 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:00.242629051 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


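Every request in these sessions has the same shape: a GET to /search/?q= whose only content is a long lowercase hex string, sent to the freshly resolved host about once a second, with a User-Agent that claims Windows NT 9.0 (a version Microsoft never shipped; the NT line goes 6.3 and then 10.0). The check below is an added example written for this page, not code from Joe Sandbox or from the sample; it parses a raw request head and returns the indicators it finds. Both inputs are constructed: the first copies the request from session 0 above, the second is an invented benign search request for contrast.

```python
from __future__ import annotations

import re

# Windows NT versions that shipped Windows builds actually report in a User-Agent.
# Known fact: there was never an NT 7.0, 8.0 or 9.0; the line runs 6.3 then 10.0.
REAL_NT_VERSIONS = {"5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}

# A /search/?q= value that is nothing but 64+ lowercase hex digits carries no search
# terms; a human search would contain words, '+' signs or percent-encoding.
HEX_ONLY_QUERY = re.compile(r"^/search/\?q=([0-9a-f]{64,})$")

# Constructed samples. BEACON copies the request shown in session 0 of the report;
# BENIGN is invented here as an ordinary search request for contrast.
BEACON = (
    "GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed"
    "82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c4"
    "44db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 HTTP/1.1\r\n"
    "Host: bfpdiyt.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)\r\n"
    "\r\n"
)
BENIGN = (
    "GET /search/?q=chunked+transfer+encoding HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36\r\n"
    "\r\n"
)


def parse_request(raw: str) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.x request head into (method, target, headers).
    Header names are lower-cased so lookups do not depend on the client's casing."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def beacon_indicators(raw: str) -> list[str]:
    """Return the reasons this request looks like the beacon in the report;
    an empty list means nothing matched."""
    method, target, headers = parse_request(raw)
    found: list[str] = []

    m = HEX_ONLY_QUERY.match(target)
    if method == "GET" and m:
        found.append(f"q= is {len(m.group(1))} hex digits and nothing else")

    ua = headers.get("user-agent", "")
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    if nt and nt.group(1) not in REAL_NT_VERSIONS:
        found.append(f"User-Agent claims Windows NT {nt.group(1)}, which never existed")

    return found


def is_beacon(raw: str) -> bool:
    """Two independent indicators together are a strong signal; one alone is a hint
    worth a second look, not a verdict."""
    return len(beacon_indicators(raw)) >= 2


if __name__ == "__main__":
    for label, sample in (("beacon", BEACON), ("benign", BENIGN)):
        print(label, is_beacon(sample), beacon_indicators(sample))
```

The q= value is opaque here, so the detector keys on its form rather than its content; on a proxy or IDS log the same two tests apply to the URL and User-Agent columns, and the verbatim repetition of one q= value across separate TCP connections (sessions 2 to 6 below all send the same string) is a third signal that a log aggregation can add by counting distinct (host, path) pairs per client.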
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49739 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:00.368493080 CET | 314 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688fa11c4e990 HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:01.314703941 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
                                                    Data Raw: 34 61 65 0d 0a 36 37 62 36 38 61 38 61 33 32 30 33 61 37 37 62 30 34 31 38 66 35 35 66 36 37 37 63 38 31 63 34 35 39 66 65 38 62 64 32 65 39 31 66 31 65 66 35 61 32 35 63 65 39 31 35 38 35 62 63 63 66 62 35 66 62 63 34 30 61 64 39 30 38 38 62 65 38 64 65 32 32 36 36 65 32 30 38 61 36 62 62 39 64 35 39 32 64 65 62 37 36 35 62 62 33 37 34 66 30 36 37 62 37 33 32 35 36 63 30 65 30 64 35 30 65 63 61 34 32 63 64 37 64 62 30 31 62 66 64 33 32 38 38 33 38 65 33 31 36 62 38 36 37 63 37 35 61 61 35 65 61 34 65 65 37 35 62 37 66 34 33 65 63 32 66 36 36 39 34 33 64 37 39 38 63 66 66 31 32 64 65 65 64 39 30 39 39 32 35 63 39 36 61 39 63 31 33 64 38 35 30 38 66 32 31 62 37 35 30 62 36 66 37 35 65 32 39 65 34 36 35 64 62 66 34 36 37 62 30 38 39 65 35 64 30 34 61 65 36 33 35 63 38 31 66 33 31 34 33 35 39 32 36 66 64 32 34 37 35 30 66 37 38 62 38 65 35 38 35 66 34 38 32 32 64 35 31 65 36 35 37 37 61 32 38 66 63 33 34 35 63 66 37 66 35 66 39 38 64 66 66 33 37 36 35 61 35 65 35 34 33 39 38 38 30 66 62 37 61 32 37 31 [TRUNCATED]
Data Ascii: [TRUNCATED]
Nov 15, 2024 07:01:01.314795017 CET | 170 | IN | Data Raw: 66 66 32 61 62 31 34 63 38 65 61 36 64 62 33 65 30 65 36 65 61 31 64 32 35 37 37 63 30 30 33 63 35 63 62 31 66 61 35 35 61 66 65 34 62 32 38 37 33 62 61 64 65 35 61 61 35 38 38 31 31 31 66 33 66 66 31 64 32 33 39 63 65 63 30 39 66 64 64 64 38 61
                                                    Data Ascii: ff2ab14c8ea6db3e0e6ea1d2577c003c5cb1fa55afe4b2873bade5aa588111f3ff1d239cec09fddd8a632cf996d476f566dfb2b24e6eeb1e8ec5a5d82e08c9140a1ace01c6207bf424ff3bc190fbc92430e0
Nov 15, 2024 07:01:04.158134937 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:04.515218973 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:04.626791954 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:04.941447020 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
                                                    Data Raw: 34 31 65 0d 0a 36 37 62 36 39 63 39 35 33 38 30 34 62 32 36 62 35 36 35 66 65 39 35 62 33 32 31 62 64 31 39 61 35 35 66 63 38 66 63 66 66 35 31 65 31 39 65 62 62 64 35 35 65 39 30 33 63 61 66 66 38 64 65 37 39 35 38 37 34 64 38 30 34 37 64 31 65 34 64 63 32 61 33 30 61 31 35 32 66 66 64 36 63 64 30 37 32 39 65 39 37 64 35 39 61 64 37 35 66 36 36 63 61 38 33 32 35 33 64 65 66 63 64 33 30 62 64 65 34 31 63 38 37 65 61 65 31 34 66 61 33 39 38 66 32 36 65 34 31 30 61 64 36 37 63 63 35 36 61 35 65 32 34 36 65 34 34 34 37 36 34 61 66 32 32 64 36 31 39 66 33 65 36 37 38 65 66 34 31 30 63 39 65 62 38 62 39 39 33 64 64 33 36 65 39 31 31 31 63 36 35 31 38 36 32 32 62 63 35 64 62 33 65 39 35 66 32 61 65 63 37 32 64 30 65 33 37 38 62 39 38 36 66 31 64 34 34 66 65 66 32 30 63 38 31 65 33 31 35 37 35 65 32 30 65 33 32 35 37 39 30 39 36 66 62 62 66 32 38 63 66 65 38 66 33 33 35 30 65 33 35 35 36 35 32 33 66 64 32 62 35 37 66 33 66 63 65 37 38 63 66 31 33 66 37 38 61 31 66 33 34 36 39 61 38 35 65 35 37 62 32 30 30 [TRUNCATED]
Data Ascii: [TRUNCATED]
Nov 15, 2024 07:01:04.941555977 CET | 26 | IN | Data Raw: 63 66 31 62 35 31 36 63 31 65 38 37 33 62 31 65 31 64 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: cf1b516c1e873b1e1d20


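The Data Ascii column drops the CR/LF bytes, so the short reply reads as e67b680813008c20 when the wire bytes in Data Raw are a chunked body: chunk size e (14), the fourteen characters 67b680813008c2, then the terminating 0 chunk. The longer replies (chunk sizes 4ae and 41e) arrive in several captured segments and the first segment is cut off in the report. The decoder below is an added example for this page, not Joe Sandbox or sample code; it takes the bytes as printed in the Data Raw column, reassembles the chunks and reports whether the terminating chunk was seen, so a truncated capture is not mistaken for a complete payload. Both inputs are constructed from the hex shown above; the truncated one is the first bytes of session 1's 4ae reply followed by an artificial cut.

```python
from __future__ import annotations

# Bytes copied from the report's Data Raw column (session 0, the 220-byte reply),
# pasted as printed; bytes.fromhex() skips the spaces.
SHORT_REPLY_BODY = bytes.fromhex(
    "65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a"
)

# Constructed: the first bytes of the 4ae chunk from session 1, then an artificial
# cut, standing in for a capture that ended before the 0-size chunk arrived.
TRUNCATED_REPLY_BODY = bytes.fromhex(
    "34 61 65 0d 0a 36 37 62 36 38 61 38 61 33 32 30 33 61 37 37 62 30 34 31 38"
)


class ChunkedDecodeError(ValueError):
    """Raised when the input is not a chunked body at all (unparseable size line)."""


def decode_chunked(body: bytes) -> tuple[bytes, bool]:
    """Reassemble an HTTP/1.1 chunked body (RFC 9112 section 7.1).

    Returns (payload, complete). complete is False when the input ends before the
    zero-size terminating chunk, which is what a truncated capture looks like;
    whatever was decoded before the cut is still returned. Chunk extensions
    (";name=value" after the size) are accepted and ignored; trailers are ignored.
    """
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            return bytes(out), False          # size line itself is cut off
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        try:
            size = int(size_field, 16)
        except ValueError:
            raise ChunkedDecodeError(
                f"bad chunk size at offset {pos}: {size_field!r}"
            ) from None
        pos = eol + 2
        if size == 0:
            return bytes(out), True           # terminating chunk reached
        chunk = body[pos:pos + size]
        out += chunk
        if len(chunk) < size:
            return bytes(out), False          # capture ended inside the chunk data
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            return bytes(out), False          # chunk delimiter missing or cut off
        pos += 2


def describe(body: bytes) -> str:
    """One-line summary of a decoded reply for analyst notes."""
    payload, complete = decode_chunked(body)
    state = "complete" if complete else "TRUNCATED"
    return f"{state}: {len(payload)} payload byte(s): {payload.decode('ascii', 'replace')}"


if __name__ == "__main__":
    print(describe(SHORT_REPLY_BODY))
    print(describe(TRUNCATED_REPLY_BODY))
```

Feed the decoder the concatenation of every captured segment of one response, in order. A later segment on its own, such as the 26-byte tail above that starts cf1b516c..., has no size line at its front and will be misread as a chunk header, so reassemble first and decode once.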
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49761 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:05.069840908 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:05.993626118 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49772 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:06.118524075 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:07.032819986 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:07.143413067 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:07.453727961 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:07.564229965 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:07.866877079 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49783 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:07.991812944 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:08.917296886 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49789 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:09.039032936 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:10.309726000 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49799 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:10.431725979 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:11.385937929 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49805 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:11.510534048 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:12.420936108 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:12.533380032 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:12.838709116 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49812 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:12.965369940 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:13.879401922 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49819 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:14.012077093 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:14.942650080 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49827 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:15.072390079 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:15.984363079 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49835 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:16.120791912 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:17.033782005 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49841 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:17.163736105 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:18.075282097 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49847 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:18.195103884 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:19.116764069 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49854 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:19.243911028 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:20.166889906 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49861 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:20.290060043 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:21.204813957 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49869 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:21.336267948 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:22.257719040 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49876 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:22.385016918 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:23.297172070 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:23.407911062 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:23.710935116 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49884 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:23.835205078 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:25.783854961 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49896 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:25.913464069 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:26.818639994 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49901 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:26.960268974 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:27.885405064 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49908 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:28.007811069 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:28.946594000 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49914 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:29.073620081 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:29.993195057 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
23          192.168.2.4  49920        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:30.116169930 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:31.173060894 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Nov 15, 2024 07:01:31.282895088 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:31.591784000 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
24          192.168.2.4  49930        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:31.710573912 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:32.622771978 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
25          192.168.2.4  49936        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:32.742006063 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:33.652002096 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
26          192.168.2.4  49941        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:33.772773027 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:34.699682951 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
27          192.168.2.4  49947        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:34.821856022 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:35.764760971 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Nov 15, 2024 07:01:35.878752947 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:36.194041967 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
28          192.168.2.4  49958        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:36.323637962 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:37.246402025 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
29          192.168.2.4  49964        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:37.369119883 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:38.293673992 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
30          192.168.2.4  49970        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:38.420732021 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:39.346205950 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Nov 15, 2024 07:01:39.455725908 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:39.764125109 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Nov 15, 2024 07:01:39.878618956 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:40.192281961 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
31          192.168.2.4  49984        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:40.320005894 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:41.243911982 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
32          192.168.2.4  49991        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:41.366789103 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:42.289401054 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
33          192.168.2.4  49998        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:42.414232016 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:43.319232941 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
34          192.168.2.4  50004        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:43.445245028 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:44.356075048 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
35          192.168.2.4  50010        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:44.533196926 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:45.444763899 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
36          192.168.2.4  50017        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:45.569770098 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:46.488028049 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Timestamp: Nov 15, 2024 07:01:46.597596884 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:46.906776905 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
37          192.168.2.4  50027        185.208.158.202  80                2008  C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe

Timestamp: Nov 15, 2024 07:01:47.074882984 CET    Bytes transferred: 322    Direction: OUT
Data:
GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
Host: bfpdiyt.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Timestamp: Nov 15, 2024 07:01:47.988614082 CET    Bytes transferred: 220    Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 15 Nov 2024 06:01:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 38 | Source IP: 192.168.2.4 | Source Port: 50033 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:48.117243052 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:49.027813911 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 39 | Source IP: 192.168.2.4 | Source Port: 50039 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:49.148497105 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:50.065282106 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 40 | Source IP: 192.168.2.4 | Source Port: 50044 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:50.197166920 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:51.119915009 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:50 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 41 | Source IP: 192.168.2.4 | Source Port: 50045 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:51.244453907 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:52.159041882 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:52 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 42 | Source IP: 192.168.2.4 | Source Port: 50046 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:52.291364908 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:53.205014944 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:53 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 43 | Source IP: 192.168.2.4 | Source Port: 50047 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:53.339104891 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:54.251362085 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:54.360786915 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:54.664494038 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 50048 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:54.788441896 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:55.709806919 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 50049 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:55.835232973 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:56.764612913 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:56.876621008 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:57.197213888 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 46 | Source IP: 192.168.2.4 | Source Port: 50050 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:57.322499037 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:58.259193897 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:58 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 47 | Source IP: 192.168.2.4 | Source Port: 50051 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:58.384501934 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:59.297656059 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Nov 15, 2024 07:01:59.409075022 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:01:59.712176085 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:01:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 50052 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:01:59.836256981 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:00.762412071 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 49 | Source IP: 192.168.2.4 | Source Port: 50053 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:00.884824991 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:01.810648918 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 50 | Source IP: 192.168.2.4 | Source Port: 50054 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:01.996484995 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:02.934076071 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 51 | Source IP: 192.168.2.4 | Source Port: 50055 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:03.055696011 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:05.004724979 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 52 | Source IP: 192.168.2.4 | Source Port: 50056 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:05.135001898 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:06.055915117 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:05 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 53 | Source IP: 192.168.2.4 | Source Port: 50057 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:06.199523926 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:07.112466097 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 54 | Source IP: 192.168.2.4 | Source Port: 50058 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2008 | Process: C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
Timestamp | Bytes transferred | Direction | Data
Nov 15, 2024 07:02:07.232342005 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
    Host: bfpdiyt.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 07:02:08.162482023 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Fri, 15 Nov 2024 06:02:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    55 | 192.168.2.4 | 50059 | 185.208.158.202 | 80 | 2008 | C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Nov 15, 2024 07:02:08.307300091 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9909a3fcb6a HTTP/1.1
                                                    Host: bfpdiyt.com
                                                    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                    Nov 15, 2024 07:02:09.228636026 CET | 220 | IN | HTTP/1.1 200 OK
                                                    Server: nginx/1.20.1
                                                    Date: Fri, 15 Nov 2024 06:02:09 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    X-Powered-By: PHP/7.4.33
                                                    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: e67b680813008c20



                                                    Target ID:0
                                                    Start time:01:00:02
                                                    Start date:15/11/2024
                                                    Path:C:\Users\user\Desktop\file.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                                    Imagebase:0x400000
                                                    File size:5'964'353 bytes
                                                    MD5 hash:A77B03795FD546E1CE17A89770416E0A
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:Borland Delphi
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:1
                                                    Start time:01:00:03
                                                    Start date:15/11/2024
                                                    Path:C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\AppData\Local\Temp\is-OI716.tmp\file.tmp" /SL5="$10448,5263804,721408,C:\Users\user\Desktop\file.exe"
                                                    Imagebase:0x400000
                                                    File size:2'532'352 bytes
                                                    MD5 hash:438F4076E92D3C839405BAB4652FE2CE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:Borland Delphi
                                                    Antivirus matches:
                                                    • Detection: 0%, ReversingLabs
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:2
                                                    Start time:01:00:05
                                                    Start date:15/11/2024
                                                    Path:C:\Windows\SysWOW64\net.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\system32\net.exe" pause avidenta_11131
                                                    Imagebase:0xf0000
                                                    File size:47'104 bytes
                                                    MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:3
                                                    Start time:01:00:05
                                                    Start date:15/11/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7699e0000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:4
                                                    Start time:01:00:05
                                                    Start date:15/11/2024
                                                    Path:C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\AppData\Local\Avidenta 2.7.7\avidenta.exe" -i
                                                    Imagebase:0x400000
                                                    File size:3'698'688 bytes
                                                    MD5 hash:19F9733DCD58AFF930F87ACDAF4A09FB
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000004.00000002.2940566511.0000000002CD0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 67%, ReversingLabs
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:5
                                                    Start time:01:00:05
                                                    Start date:15/11/2024
                                                    Path:C:\Windows\SysWOW64\net1.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\system32\net1 pause avidenta_11131
                                                    Imagebase:0x4f0000
                                                    File size:139'776 bytes
                                                    MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.2943411922.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000001.00000002.2943345453.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000001.00000002.2943490990.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_10000000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                      • Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
                                                      • Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                      • Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.2943411922.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                      • Associated: 00000001.00000002.2943345453.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                      • Associated: 00000001.00000002.2943490990.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_10000000_file.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                      • Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
                                                      • Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                      • Instruction Fuzzy Hash:

                                                      Execution Graph

                                                      Execution Coverage:9.9%
                                                      Dynamic/Decrypted Code Coverage:83.9%
                                                      Signature Coverage:5.1%
                                                      Total number of Nodes:2000
                                                      Total number of Limit Nodes:45
                                                      execution_graph 18589 402ac3 RegCloseKey 18590 402bc3 18591 402bcb 18590->18591 18594 401f27 18591->18594 18593 402bd6 18595 401f3c 18594->18595 18598 401a1d 18595->18598 18597 401f45 18597->18593 18597->18597 18599 401a2c 18598->18599 18604 401a4f CreateFileA 18599->18604 18603 401a3e 18603->18597 18605 401a35 18604->18605 18607 401a7d 18604->18607 18612 401b4b LoadLibraryA 18605->18612 18606 401a98 DeviceIoControl 18606->18607 18607->18606 18609 401b3a CloseHandle 18607->18609 18610 401b0e GetLastError 18607->18610 18621 403016 18607->18621 18624 403008 18607->18624 18609->18605 18610->18607 18610->18609 18613 401c21 18612->18613 18614 401b6e GetProcAddress 18612->18614 18613->18603 18615 401c18 FreeLibrary 18614->18615 18618 401b85 18614->18618 18615->18613 18616 401b95 GetAdaptersInfo 18616->18618 18617 403016 7 API calls 18617->18618 18618->18616 18618->18617 18619 401c15 18618->18619 18620 403008 12 API calls 18618->18620 18619->18615 18620->18618 18627 403411 18621->18627 18657 403371 18624->18657 18628 40301f 18627->18628 18629 40341d 18627->18629 18628->18607 18630 403427 18629->18630 18631 40343d 18629->18631 18633 403469 HeapFree 18630->18633 18634 403433 18630->18634 18632 403468 18631->18632 18636 403457 18631->18636 18632->18633 18633->18628 18638 4047ae 18634->18638 18644 40523f 18636->18644 18639 4047ec 18638->18639 18643 404aa2 18638->18643 18640 4049e8 VirtualFree 18639->18640 18639->18643 18641 404a4c 18640->18641 18642 404a5b VirtualFree HeapFree 18641->18642 18641->18643 18642->18643 18643->18628 18645 40526c 18644->18645 18647 405282 18644->18647 18645->18647 18648 405126 18645->18648 18647->18628 18651 405133 18648->18651 18649 4051e3 18649->18647 18650 405154 VirtualFree 18650->18651 18651->18649 18651->18650 18653 4050d0 VirtualFree 18651->18653 18654 4050ed 18653->18654 18655 40511d 18654->18655 18656 4050fd HeapFree 18654->18656 18655->18651 18656->18651 18658 403013 18657->18658 18660 
403378 18657->18660 18658->18607 18660->18658 18661 40339d 18660->18661 18662 4033ac 18661->18662 18665 4033c1 18661->18665 18669 4033ba 18662->18669 18670 404ad7 18662->18670 18664 403400 HeapAlloc 18666 40340f 18664->18666 18665->18664 18665->18669 18676 405284 18665->18676 18666->18660 18667 4033bf 18667->18660 18669->18664 18669->18666 18669->18667 18673 404b09 18670->18673 18671 404ba8 18675 404bb7 18671->18675 18690 404e91 18671->18690 18673->18671 18673->18675 18683 404de0 18673->18683 18675->18669 18677 405292 18676->18677 18678 405453 18677->18678 18680 40537e VirtualAlloc 18677->18680 18682 40534f 18677->18682 18694 404f8c 18678->18694 18680->18682 18682->18669 18682->18682 18684 404e23 HeapAlloc 18683->18684 18685 404df3 HeapReAlloc 18683->18685 18686 404e49 VirtualAlloc 18684->18686 18689 404e73 18684->18689 18687 404e12 18685->18687 18685->18689 18688 404e63 HeapFree 18686->18688 18686->18689 18687->18684 18688->18689 18689->18671 18691 404ea3 VirtualAlloc 18690->18691 18693 404eec 18691->18693 18693->18675 18695 404fa0 HeapAlloc 18694->18695 18696 404f99 18694->18696 18697 404fbd VirtualAlloc 18695->18697 18702 404ff5 18695->18702 18696->18697 18698 4050b2 18697->18698 18699 404fdd VirtualAlloc 18697->18699 18700 4050ba HeapFree 18698->18700 18698->18702 18701 4050a4 VirtualFree 18699->18701 18699->18702 18700->18702 18701->18698 18702->18682 18703 2d83d1f 18704 2d83d28 18703->18704 18705 2d83d2d 18703->18705 18717 2d8b8f1 18704->18717 18709 2d83d42 18705->18709 18708 2d83d3b 18710 2d83d4e __write 18709->18710 18714 2d83d9c ___DllMainCRTStartup 18710->18714 18716 2d83df9 __write 18710->18716 18721 2d83bad 18710->18721 18712 2d83dd6 18713 2d83bad __CRT_INIT@12 138 API calls 18712->18713 18712->18716 18713->18716 18714->18712 18715 2d83bad __CRT_INIT@12 138 API calls 18714->18715 18714->18716 18715->18712 18716->18708 18718 2d8b921 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 18717->18718 18719 2d8b914 
18717->18719 18720 2d8b918 18718->18720 18719->18718 18719->18720 18720->18705 18722 2d83bb9 __write 18721->18722 18723 2d83c3b 18722->18723 18724 2d83bc1 18722->18724 18726 2d83c3f 18723->18726 18727 2d83ca4 18723->18727 18769 2d881f6 GetProcessHeap 18724->18769 18731 2d83c60 18726->18731 18738 2d83bca __write __CRT_INIT@12 18726->18738 18870 2d8846b 18726->18870 18729 2d83ca9 18727->18729 18730 2d83d07 18727->18730 18728 2d83bc6 18728->18738 18770 2d85da4 18728->18770 18901 2d891db 18729->18901 18730->18738 18929 2d85c34 18730->18929 18873 2d88342 RtlDecodePointer 18731->18873 18735 2d83cb4 18735->18738 18904 2d88a7c 18735->18904 18738->18714 18740 2d83bd6 __RTC_Initialize 18740->18738 18747 2d83be6 GetCommandLineA 18740->18747 18741 2d83c76 __CRT_INIT@12 18897 2d83c8f 18741->18897 18744 2d8b58f __ioterm 60 API calls 18746 2d83c71 18744->18746 18749 2d85e1a __mtterm 62 API calls 18746->18749 18791 2d8b98d GetEnvironmentStringsW 18747->18791 18749->18741 18751 2d83cdd 18753 2d83cfb 18751->18753 18754 2d83ce3 18751->18754 18923 2d82f84 18753->18923 18913 2d85cf1 18754->18913 18758 2d83c00 18760 2d83c04 18758->18760 18823 2d8b5e1 18758->18823 18759 2d83ceb GetCurrentThreadId 18759->18738 18856 2d85e1a 18760->18856 18764 2d83c24 18764->18738 18865 2d8b58f 18764->18865 18769->18728 18937 2d88512 RtlEncodePointer 18770->18937 18772 2d85da9 18942 2d88a2e 18772->18942 18775 2d85db2 18777 2d85e1a __mtterm 62 API calls 18775->18777 18778 2d85db7 18777->18778 18778->18740 18780 2d85dcf 18781 2d88a7c __calloc_crt 59 API calls 18780->18781 18782 2d85ddc 18781->18782 18783 2d85e11 18782->18783 18784 2d891fa __threadstartex@4 TlsSetValue 18782->18784 18785 2d85e1a __mtterm 62 API calls 18783->18785 18786 2d85df0 18784->18786 18787 2d85e16 18785->18787 18786->18783 18788 2d85df6 18786->18788 18787->18740 18789 2d85cf1 __initptd 59 API calls 18788->18789 18790 2d85dfe GetCurrentThreadId 18789->18790 18790->18740 18792 2d8b9a0 WideCharToMultiByte 18791->18792 18793 2d83bf6 
18791->18793 18795 2d8ba0a FreeEnvironmentStringsW 18792->18795 18796 2d8b9d3 18792->18796 18804 2d8b2db 18793->18804 18795->18793 18953 2d88ac4 18796->18953 18799 2d8b9e0 WideCharToMultiByte 18800 2d8b9ff FreeEnvironmentStringsW 18799->18800 18801 2d8b9f6 18799->18801 18800->18793 18802 2d82f84 _free 59 API calls 18801->18802 18803 2d8b9fc 18802->18803 18803->18800 18805 2d8b2e7 __write 18804->18805 18806 2d888fd __lock 59 API calls 18805->18806 18807 2d8b2ee 18806->18807 18808 2d88a7c __calloc_crt 59 API calls 18807->18808 18809 2d8b2ff 18808->18809 18810 2d8b36a GetStartupInfoW 18809->18810 18811 2d8b30a __write @_EH4_CallFilterFunc@8 18809->18811 18817 2d8b37f 18810->18817 18820 2d8b4ae 18810->18820 18811->18758 18812 2d8b576 19203 2d8b586 18812->19203 18814 2d88a7c __calloc_crt 59 API calls 18814->18817 18815 2d8b4fb GetStdHandle 18815->18820 18816 2d8b50e GetFileType 18816->18820 18817->18814 18818 2d8b3cd 18817->18818 18817->18820 18819 2d8b401 GetFileType 18818->18819 18818->18820 18821 2d8921c __mtinitlocks InitializeCriticalSectionAndSpinCount 18818->18821 18819->18818 18820->18812 18820->18815 18820->18816 18822 2d8921c __mtinitlocks InitializeCriticalSectionAndSpinCount 18820->18822 18821->18818 18822->18820 18824 2d8b5ef 18823->18824 18825 2d8b5f4 GetModuleFileNameA 18823->18825 19213 2d8529a 18824->19213 18827 2d8b621 18825->18827 19207 2d8b694 18827->19207 18830 2d88ac4 __malloc_crt 59 API calls 18831 2d8b65a 18830->18831 18832 2d8b694 _parse_cmdline 59 API calls 18831->18832 18833 2d83c10 18831->18833 18832->18833 18833->18764 18834 2d8b810 18833->18834 18835 2d8b819 18834->18835 18838 2d8b81e _strlen 18834->18838 18836 2d8529a ___initmbctable 71 API calls 18835->18836 18836->18838 18837 2d83c19 18837->18764 18850 2d8847a 18837->18850 18838->18837 18839 2d88a7c __calloc_crt 59 API calls 18838->18839 18842 2d8b854 _strlen 18839->18842 18840 2d8b8a6 18841 2d82f84 _free 59 API calls 18840->18841 18841->18837 18842->18837 18842->18840 18843 2d88a7c 
__calloc_crt 59 API calls 18842->18843 18844 2d8b8cd 18842->18844 18847 2d8b8e4 18842->18847 19417 2d86ccc 18842->19417 18843->18842 18846 2d82f84 _free 59 API calls 18844->18846 18846->18837 18848 2d84f15 __invoke_watson 8 API calls 18847->18848 18849 2d8b8f0 18848->18849 18852 2d88486 __IsNonwritableInCurrentImage 18850->18852 19426 2d8d2ef 18852->19426 18853 2d884a4 __initterm_e 18855 2d884c3 __cinit __IsNonwritableInCurrentImage 18853->18855 19429 2d833b4 18853->19429 18855->18764 18857 2d85e24 18856->18857 18859 2d85e2a 18856->18859 19495 2d891bc 18857->19495 18860 2d88963 18859->18860 18861 2d88947 RtlDeleteCriticalSection 18859->18861 18863 2d8896f RtlDeleteCriticalSection 18860->18863 18864 2d88982 18860->18864 18862 2d82f84 _free 59 API calls 18861->18862 18862->18859 18863->18860 18864->18738 18866 2d8b596 18865->18866 18867 2d8b5de 18866->18867 18868 2d82f84 _free 59 API calls 18866->18868 18869 2d8b5af RtlDeleteCriticalSection 18866->18869 18867->18760 18868->18866 18869->18866 18871 2d885b4 _doexit 59 API calls 18870->18871 18872 2d88476 18871->18872 18872->18731 18874 2d8835c 18873->18874 18875 2d8836e 18873->18875 18874->18875 18877 2d82f84 _free 59 API calls 18874->18877 18876 2d82f84 _free 59 API calls 18875->18876 18878 2d8837b 18876->18878 18877->18874 18879 2d8839f 18878->18879 18882 2d82f84 _free 59 API calls 18878->18882 18880 2d82f84 _free 59 API calls 18879->18880 18881 2d883ab 18880->18881 18883 2d82f84 _free 59 API calls 18881->18883 18882->18878 18884 2d883bc 18883->18884 18885 2d82f84 _free 59 API calls 18884->18885 18886 2d883c7 18885->18886 18887 2d883ec RtlEncodePointer 18886->18887 18891 2d82f84 _free 59 API calls 18886->18891 18888 2d88407 18887->18888 18889 2d88401 18887->18889 18890 2d8841d 18888->18890 18893 2d82f84 _free 59 API calls 18888->18893 18892 2d82f84 _free 59 API calls 18889->18892 18894 2d83c65 18890->18894 18896 2d82f84 _free 59 API calls 18890->18896 18895 2d883eb 18891->18895 18892->18888 18893->18890 18894->18741 
18894->18744 18895->18887 18896->18894 18898 2d83ca1 18897->18898 18899 2d83c93 18897->18899 18898->18738 18899->18898 18900 2d85e1a __mtterm 62 API calls 18899->18900 18900->18898 18902 2d891ee 18901->18902 18903 2d891f2 TlsGetValue 18901->18903 18902->18735 18903->18735 18906 2d88a83 18904->18906 18907 2d83cc5 18906->18907 18908 2d88aa1 18906->18908 19498 2d904c8 18906->19498 18907->18738 18910 2d891fa 18907->18910 18908->18906 18908->18907 19506 2d89515 Sleep 18908->19506 18911 2d89210 18910->18911 18912 2d89214 TlsSetValue 18910->18912 18911->18751 18912->18751 18914 2d85cfd __write 18913->18914 18915 2d888fd __lock 59 API calls 18914->18915 18916 2d85d3a 18915->18916 19507 2d85d92 18916->19507 18919 2d888fd __lock 59 API calls 18920 2d85d5b ___addlocaleref 18919->18920 19510 2d85d9b 18920->19510 18922 2d85d86 __write 18922->18759 18924 2d82fb6 _free 18923->18924 18925 2d82f8d HeapFree 18923->18925 18924->18738 18925->18924 18926 2d82fa2 18925->18926 18927 2d85e6b __write 57 API calls 18926->18927 18928 2d82fa8 GetLastError 18927->18928 18928->18924 18930 2d85c67 18929->18930 18931 2d85c41 18929->18931 18930->18738 18932 2d85c4f 18931->18932 18933 2d891db __threadstartex@4 TlsGetValue 18931->18933 18934 2d891fa __threadstartex@4 TlsSetValue 18932->18934 18933->18932 18935 2d85c5f 18934->18935 19515 2d85aff 18935->19515 18938 2d88523 __init_pointers __initp_misc_winsig 18937->18938 18949 2d83a17 RtlEncodePointer 18938->18949 18940 2d8853b __init_pointers 18941 2d8928a 34 API calls 18940->18941 18941->18772 18943 2d88a3a 18942->18943 18945 2d85dae 18943->18945 18950 2d8921c 18943->18950 18945->18775 18946 2d8919e 18945->18946 18947 2d85dc4 18946->18947 18948 2d891b5 TlsAlloc 18946->18948 18947->18775 18947->18780 18949->18940 18951 2d89239 InitializeCriticalSectionAndSpinCount 18950->18951 18952 2d8922c 18950->18952 18951->18943 18952->18943 18955 2d88ad2 18953->18955 18956 2d88b04 18955->18956 18958 2d82fbc 18955->18958 18975 2d89515 Sleep 18955->18975 
18956->18795 18956->18799 18959 2d83037 18958->18959 18964 2d82fc8 18958->18964 18960 2d88213 __calloc_impl RtlDecodePointer 18959->18960 18962 2d8303d 18960->18962 18961 2d82fd3 18961->18964 18976 2d886e3 18961->18976 18985 2d88740 18961->18985 19020 2d8832c 18961->19020 18965 2d85e6b __write 58 API calls 18962->18965 18964->18961 18966 2d82ffb RtlAllocateHeap 18964->18966 18969 2d83023 18964->18969 18973 2d83021 18964->18973 19023 2d88213 RtlDecodePointer 18964->19023 18967 2d8302f 18965->18967 18966->18964 18966->18967 18967->18955 19025 2d85e6b 18969->19025 18974 2d85e6b __write 58 API calls 18973->18974 18974->18967 18975->18955 19028 2d9018e 18976->19028 18978 2d886ea 18979 2d886f7 18978->18979 18980 2d9018e __NMSG_WRITE 59 API calls 18978->18980 18981 2d88740 __NMSG_WRITE 59 API calls 18979->18981 18983 2d88719 18979->18983 18980->18979 18982 2d8870f 18981->18982 18984 2d88740 __NMSG_WRITE 59 API calls 18982->18984 18983->18961 18984->18983 18986 2d8875e __NMSG_WRITE 18985->18986 18988 2d9018e __NMSG_WRITE 55 API calls 18986->18988 19019 2d88885 18986->19019 18990 2d88771 18988->18990 18989 2d888ee 18989->18961 18991 2d8888a GetStdHandle 18990->18991 18992 2d9018e __NMSG_WRITE 55 API calls 18990->18992 18995 2d88898 _strlen 18991->18995 18991->19019 18993 2d88782 18992->18993 18993->18991 18994 2d88794 18993->18994 18994->19019 19050 2d8f54d 18994->19050 18997 2d888d1 WriteFile 18995->18997 18995->19019 18997->19019 18999 2d887c1 GetModuleFileNameW 19001 2d887e1 18999->19001 19008 2d887f1 __NMSG_WRITE 18999->19008 19000 2d888f2 19002 2d84f15 __invoke_watson 8 API calls 19000->19002 19003 2d8f54d __NMSG_WRITE 55 API calls 19001->19003 19004 2d888fc 19002->19004 19003->19008 19005 2d88921 RtlEnterCriticalSection 19004->19005 19109 2d88985 19004->19109 19005->18961 19008->19000 19013 2d88837 19008->19013 19059 2d8f5c2 19008->19059 19010 2d88914 19010->19005 19131 2d8844f 19010->19131 19013->19000 19068 2d8f4e1 19013->19068 19014 2d8f4e1 __NMSG_WRITE 55 API 
calls 19016 2d8886e 19014->19016 19016->19000 19017 2d88875 19016->19017 19077 2d901ce RtlEncodePointer 19017->19077 19102 2d8455b 19019->19102 19186 2d882f8 GetModuleHandleExW 19020->19186 19024 2d88226 19023->19024 19024->18964 19189 2d85c82 GetLastError 19025->19189 19027 2d85e70 19027->18973 19029 2d90198 19028->19029 19030 2d901a2 19029->19030 19031 2d85e6b __write 59 API calls 19029->19031 19030->18978 19032 2d901be 19031->19032 19035 2d84f05 19032->19035 19038 2d84eda RtlDecodePointer 19035->19038 19039 2d84eed 19038->19039 19044 2d84f15 IsProcessorFeaturePresent 19039->19044 19042 2d84eda __write 8 API calls 19043 2d84f11 19042->19043 19043->18978 19045 2d84f20 19044->19045 19046 2d84da8 __call_reportfault 7 API calls 19045->19046 19047 2d84f35 19046->19047 19048 2d89523 ___raise_securityfailure GetCurrentProcess TerminateProcess 19047->19048 19049 2d84f04 19048->19049 19049->19042 19051 2d8f558 19050->19051 19052 2d8f566 19050->19052 19051->19052 19057 2d8f57f 19051->19057 19053 2d85e6b __write 59 API calls 19052->19053 19054 2d8f570 19053->19054 19055 2d84f05 __write 9 API calls 19054->19055 19056 2d887b4 19055->19056 19056->18999 19056->19000 19057->19056 19058 2d85e6b __write 59 API calls 19057->19058 19058->19054 19063 2d8f5d0 19059->19063 19060 2d8f5d4 19061 2d85e6b __write 59 API calls 19060->19061 19062 2d8f5d9 19060->19062 19067 2d8f604 19061->19067 19062->19013 19063->19060 19063->19062 19065 2d8f613 19063->19065 19064 2d84f05 __write 9 API calls 19064->19062 19065->19062 19066 2d85e6b __write 59 API calls 19065->19066 19066->19067 19067->19064 19069 2d8f4fb 19068->19069 19072 2d8f4ed 19068->19072 19070 2d85e6b __write 59 API calls 19069->19070 19071 2d8f505 19070->19071 19073 2d84f05 __write 9 API calls 19071->19073 19072->19069 19075 2d8f527 19072->19075 19074 2d88857 19073->19074 19074->19000 19074->19014 19075->19074 19076 2d85e6b __write 59 API calls 19075->19076 19076->19071 19078 2d90202 ___crtIsPackagedApp 19077->19078 19079 2d902c1 
IsDebuggerPresent 19078->19079 19080 2d90211 LoadLibraryExW 19078->19080 19103 2d84563 19102->19103 19104 2d84565 IsProcessorFeaturePresent 19102->19104 19103->18989 19106 2d8959f 19104->19106 19138 2d8954e IsDebuggerPresent 19106->19138 19110 2d88991 __write 19109->19110 19111 2d889b0 19110->19111 19112 2d886e3 __FF_MSGBANNER 59 API calls 19110->19112 19114 2d88ac4 __malloc_crt 59 API calls 19111->19114 19120 2d889d3 __write 19111->19120 19113 2d8899f 19112->19113 19115 2d88740 __NMSG_WRITE 59 API calls 19113->19115 19116 2d889c7 19114->19116 19117 2d889a6 19115->19117 19118 2d889dd 19116->19118 19119 2d889ce 19116->19119 19122 2d8832c _doexit 3 API calls 19117->19122 19146 2d888fd 19118->19146 19123 2d85e6b __write 59 API calls 19119->19123 19120->19010 19122->19111 19123->19120 19124 2d889e4 19125 2d88a09 19124->19125 19126 2d889f1 19124->19126 19132 2d886e3 __FF_MSGBANNER 59 API calls 19131->19132 19133 2d88457 19132->19133 19134 2d88740 __NMSG_WRITE 59 API calls 19133->19134 19135 2d8845f 19134->19135 19139 2d89563 ___raise_securityfailure 19138->19139 19144 2d89538 SetUnhandledExceptionFilter UnhandledExceptionFilter 19139->19144 19142 2d8956b ___raise_securityfailure 19145 2d89523 GetCurrentProcess TerminateProcess 19142->19145 19143 2d89588 19143->18989 19144->19142 19145->19143 19147 2d8890e 19146->19147 19148 2d88921 RtlEnterCriticalSection 19146->19148 19149 2d88985 __mtinitlocknum 58 API calls 19147->19149 19148->19124 19150 2d88914 19149->19150 19150->19148 19187 2d88323 ExitProcess 19186->19187 19188 2d88311 GetProcAddress 19186->19188 19188->19187 19190 2d891db __threadstartex@4 TlsGetValue 19189->19190 19191 2d85c97 19190->19191 19192 2d85ce5 SetLastError 19191->19192 19193 2d88a7c __calloc_crt 56 API calls 19191->19193 19192->19027 19194 2d85caa 19193->19194 19194->19192 19195 2d891fa __threadstartex@4 TlsSetValue 19194->19195 19196 2d85cbe 19195->19196 19197 2d85cdc 19196->19197 19198 2d85cc4 19196->19198 19200 2d82f84 _free 56 API calls 
19197->19200 19199 2d85cf1 __initptd 56 API calls 19198->19199 19202 2d85ccc GetCurrentThreadId 19199->19202 19201 2d85ce2 19200->19201 19201->19192 19202->19192 19206 2d88a67 RtlLeaveCriticalSection 19203->19206 19205 2d8b58d 19205->18811 19206->19205 19209 2d8b6b6 19207->19209 19212 2d8b71a 19209->19212 19217 2d915e6 19209->19217 19210 2d8b637 19210->18830 19210->18833 19211 2d915e6 _parse_cmdline 59 API calls 19211->19212 19212->19210 19212->19211 19214 2d852a3 19213->19214 19215 2d852aa 19213->19215 19305 2d855f7 19214->19305 19215->18825 19220 2d9158c 19217->19220 19223 2d8228b 19220->19223 19224 2d8229c 19223->19224 19227 2d822e9 19223->19227 19231 2d85c6a 19224->19231 19227->19209 19230 2d822c9 19230->19227 19251 2d85551 19230->19251 19232 2d85c82 __getptd_noexit 59 API calls 19231->19232 19233 2d85c70 19232->19233 19234 2d822a2 19233->19234 19235 2d8844f __amsg_exit 59 API calls 19233->19235 19234->19230 19236 2d851cf 19234->19236 19235->19234 19237 2d851db __write 19236->19237 19238 2d85c6a FindHandlerForForeignException 59 API calls 19237->19238 19239 2d851e4 19238->19239 19240 2d85213 19239->19240 19242 2d851f7 19239->19242 19241 2d888fd __lock 59 API calls 19240->19241 19243 2d8521a 19241->19243 19244 2d85c6a FindHandlerForForeignException 59 API calls 19242->19244 19263 2d8524f 19243->19263 19246 2d851fc 19244->19246 19249 2d8520a __write 19246->19249 19250 2d8844f __amsg_exit 59 API calls 19246->19250 19249->19230 19250->19249 19252 2d8555d __write 19251->19252 19253 2d85c6a FindHandlerForForeignException 59 API calls 19252->19253 19254 2d85567 19253->19254 19255 2d888fd __lock 59 API calls 19254->19255 19261 2d85579 19254->19261 19256 2d85597 19255->19256 19257 2d855c4 19256->19257 19262 2d82f84 _free 59 API calls 19256->19262 19301 2d855ee 19257->19301 19259 2d8844f __amsg_exit 59 API calls 19260 2d85587 __write 19259->19260 19260->19227 19261->19259 19261->19260 19262->19257 19264 2d8522e 19263->19264 19306 2d85603 __write 19305->19306 19307 
2d85c6a FindHandlerForForeignException 59 API calls 19306->19307 19308 2d8560b 19307->19308 19309 2d85551 _LocaleUpdate::_LocaleUpdate 59 API calls 19308->19309 19310 2d85615 19309->19310 19330 2d852f2 19310->19330 19313 2d88ac4 __malloc_crt 59 API calls 19314 2d85637 19313->19314 19315 2d85764 __write 19314->19315 19337 2d8579f 19314->19337 19315->19215 19331 2d8228b _LocaleUpdate::_LocaleUpdate 59 API calls 19330->19331 19332 2d85302 19331->19332 19333 2d85311 GetOEMCP 19332->19333 19334 2d85323 19332->19334 19336 2d8533a 19333->19336 19335 2d85328 GetACP 19334->19335 19334->19336 19335->19336 19336->19313 19336->19315 19338 2d852f2 getSystemCP 61 API calls 19337->19338 19339 2d857bc 19338->19339 19342 2d8580d IsValidCodePage 19339->19342 19344 2d857c3 setSBCS 19339->19344 19346 2d85832 __gmtime64_s __setmbcp_nolock 19339->19346 19340 2d8455b __fltout2 6 API calls 19343 2d8581f GetCPInfo 19342->19343 19342->19344 19343->19344 19343->19346 19344->19340 19350 2d853bf GetCPInfo 19346->19350 19418 2d86ce5 19417->19418 19419 2d86cd7 19417->19419 19420 2d85e6b __write 59 API calls 19418->19420 19419->19418 19424 2d86cfb 19419->19424 19421 2d86cec 19420->19421 19422 2d84f05 __write 9 API calls 19421->19422 19423 2d86cf6 19422->19423 19423->18842 19424->19423 19425 2d85e6b __write 59 API calls 19424->19425 19425->19421 19427 2d8d2f2 RtlEncodePointer 19426->19427 19427->19427 19428 2d8d30c 19427->19428 19428->18853 19432 2d832b8 19429->19432 19433 2d832c4 __write 19432->19433 19440 2d885a2 19433->19440 19441 2d888fd __lock 59 API calls 19440->19441 19496 2d891cf 19495->19496 19497 2d891d3 TlsFree 19495->19497 19496->18859 19497->18859 19499 2d904d3 19498->19499 19504 2d904ee 19498->19504 19500 2d904df 19499->19500 19499->19504 19502 2d85e6b __write 58 API calls 19500->19502 19501 2d904fe RtlAllocateHeap 19503 2d904e4 19501->19503 19501->19504 19502->19503 19503->18906 19504->19501 19504->19503 19505 2d88213 __calloc_impl RtlDecodePointer 19504->19505 19505->19504 
19506->18908 19513 2d88a67 RtlLeaveCriticalSection 19507->19513 19509 2d85d54 19509->18919 19514 2d88a67 RtlLeaveCriticalSection 19510->19514 19512 2d85da2 19512->18922 19513->19509 19514->19512 19516 2d85b0b __write 19515->19516 19517 2d85b24 19516->19517 19518 2d85c13 __write 19516->19518 19519 2d82f84 _free 59 API calls 19516->19519 19520 2d85b33 19517->19520 19522 2d82f84 _free 59 API calls 19517->19522 19518->18930 19519->19517 19521 2d85b42 19520->19521 19523 2d82f84 _free 59 API calls 19520->19523 19524 2d85b51 19521->19524 19525 2d82f84 _free 59 API calls 19521->19525 19522->19520 19523->19521 19526 2d85b60 19524->19526 19527 2d82f84 _free 59 API calls 19524->19527 19525->19524 19528 2d85b6f 19526->19528 19530 2d82f84 _free 59 API calls 19526->19530 19527->19526 19529 2d85b7e 19528->19529 19531 2d82f84 _free 59 API calls 19528->19531 19532 2d85b90 19529->19532 19533 2d82f84 _free 59 API calls 19529->19533 19530->19528 19531->19529 19534 2d888fd __lock 59 API calls 19532->19534 19533->19532 19537 2d85b98 19534->19537 19539 2d82f84 _free 59 API calls 19537->19539 19540 2d85bbb 19537->19540 19538 2d888fd __lock 59 API calls 19545 2d85bcf ___removelocaleref 19538->19545 19539->19540 19547 2d85c1f 19540->19547 19541 2d85c00 19550 2d85c2b 19541->19550 19544 2d82f84 _free 59 API calls 19544->19518 19545->19541 19546 2d84fd5 ___freetlocinfo 59 API calls 19545->19546 19546->19541 19553 2d88a67 RtlLeaveCriticalSection 19547->19553 19549 2d85bc8 19549->19538 19554 2d88a67 RtlLeaveCriticalSection 19550->19554 19552 2d85c0d 19552->19544 19553->19549 19554->19552 19555 40d24a OpenSCManagerA 19556 40230f 19557 40dcbd RegSetValueExA 19556->19557 19559 4027d2 RegCloseKey 19560 40dd0e 19559->19560 19561 2db33c2 19562 2dcaa49 DeleteFileA 19561->19562 19563 2de69ea Sleep 19562->19563 19565 2d7104d 19566 2d833b4 __cinit 68 API calls 19565->19566 19567 2d71057 19566->19567 19570 2d71aa9 InterlockedIncrement 19567->19570 19571 2d71ac5 WSAStartup InterlockedExchange 19570->19571 
19572 2d7105c 19570->19572 19571->19572 19573 4022db 19574 402bbb lstrcmpiW 19573->19574 19576 2d7648b RtlInitializeCriticalSection GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 19654 2d742c7 19576->19654 19655 2dafa44 19656 2dafa67 WriteFile 19655->19656 19658 2db0ed2 19656->19658 19659 4028de 19660 4028e7 19659->19660 19661 402945 19659->19661 19660->19661 19662 4028ee CopyFileA 19660->19662 19662->19661 19663 403220 GetVersion 19687 404364 HeapCreate 19663->19687 19665 40327f 19666 403284 19665->19666 19667 40328c 19665->19667 19762 40333b 19666->19762 19699 404044 19667->19699 19670 403294 GetCommandLineA 19713 403f12 19670->19713 19675 4032ae 19745 403c0c 19675->19745 19677 4032b3 19678 4032b8 GetStartupInfoA 19677->19678 19758 403bb4 19678->19758 19680 4032ca GetModuleHandleA 19682 4032ee 19680->19682 19768 40395b 19682->19768 19686 403308 19688 404384 19687->19688 19689 4043ba 19687->19689 19775 40421c 19688->19775 19689->19665 19692 404393 19787 40473b HeapAlloc 19692->19787 19694 4043a0 19695 4043bd 19694->19695 19697 404f8c 5 API calls 19694->19697 19695->19665 19696 40439d 19696->19695 19698 4043ae HeapDestroy 19696->19698 19697->19696 19698->19689 19843 40335f 19699->19843 19702 404063 GetStartupInfoA 19709 404174 19702->19709 19712 4040af 19702->19712 19705 40419b GetStdHandle 19707 4041a9 GetFileType 19705->19707 19705->19709 19706 4041db SetHandleCount 19706->19670 19707->19709 19708 40335f 12 API calls 19708->19712 19709->19705 19709->19706 19710 404120 19710->19709 19711 404142 GetFileType 19710->19711 19711->19710 19712->19708 19712->19709 19712->19710 19714 403f60 19713->19714 19715 403f2d GetEnvironmentStringsW 19713->19715 19717 403f35 19714->19717 19718 403f51 19714->19718 19716 403f41 GetEnvironmentStrings 19715->19716 19715->19717 19716->19718 19719 4032a4 19716->19719 19720 403f79 WideCharToMultiByte 19717->19720 19721 403f6d GetEnvironmentStringsW 19717->19721 19718->19719 19723 403ff3 GetEnvironmentStrings 19718->19723 
19724 403fff 19718->19724 19736 403cc5 19719->19736 19725 403fad 19720->19725 19726 403fdf FreeEnvironmentStringsW 19720->19726 19721->19719 19721->19720 19723->19719 19723->19724 19727 40335f 12 API calls 19724->19727 19728 40335f 12 API calls 19725->19728 19726->19719 19733 40401a 19727->19733 19729 403fb3 19728->19729 19729->19726 19730 403fbc WideCharToMultiByte 19729->19730 19732 403fcd 19730->19732 19735 403fd6 19730->19735 19731 404030 FreeEnvironmentStringsA 19731->19719 19734 403411 7 API calls 19732->19734 19733->19731 19734->19735 19735->19726 19737 403cd7 19736->19737 19738 403cdc GetModuleFileNameA 19736->19738 19872 406524 19737->19872 19740 403cff 19738->19740 19741 40335f 12 API calls 19740->19741 19742 403d20 19741->19742 19743 403d30 19742->19743 19744 403316 7 API calls 19742->19744 19743->19675 19744->19743 19746 403c19 19745->19746 19748 403c1e 19745->19748 19747 406524 19 API calls 19746->19747 19747->19748 19749 40335f 12 API calls 19748->19749 19750 403c4b 19749->19750 19751 403316 7 API calls 19750->19751 19757 403c5f 19750->19757 19751->19757 19752 403ca2 19753 403411 7 API calls 19752->19753 19754 403cae 19753->19754 19754->19677 19755 40335f 12 API calls 19755->19757 19756 403316 7 API calls 19756->19757 19757->19752 19757->19755 19757->19756 19759 403bbd 19758->19759 19761 403bc2 19758->19761 19760 406524 19 API calls 19759->19760 19760->19761 19761->19680 19763 403344 19762->19763 19764 403349 19762->19764 19765 404594 7 API calls 19763->19765 19766 4045cd 7 API calls 19764->19766 19765->19764 19767 403352 ExitProcess 19766->19767 19896 40397d 19768->19896 19771 403a30 19772 403a3c 19771->19772 19773 403b65 UnhandledExceptionFilter 19772->19773 19774 403a50 19772->19774 19773->19774 19774->19686 19774->19774 19789 4030b0 19775->19789 19778 404245 19779 40425f GetEnvironmentVariableA 19778->19779 19781 404257 19778->19781 19780 40433c 19779->19780 19783 40427e 19779->19783 19780->19781 19794 4041ef GetModuleHandleA 19780->19794 
19781->19692 19781->19694 19784 4042c3 GetModuleFileNameA 19783->19784 19785 4042bb 19783->19785 19784->19785 19785->19780 19791 406540 19785->19791 19788 404757 19787->19788 19788->19696 19790 4030bc GetVersionExA 19789->19790 19790->19778 19790->19779 19796 406557 19791->19796 19795 404206 19794->19795 19795->19781 19798 40656f 19796->19798 19800 40659f 19798->19800 19803 405716 19798->19803 19799 405716 6 API calls 19799->19800 19800->19799 19802 406553 19800->19802 19807 40771b 19800->19807 19802->19780 19804 405734 19803->19804 19806 405728 19803->19806 19813 406a7e 19804->19813 19806->19798 19808 407746 19807->19808 19809 407729 19807->19809 19810 407762 19808->19810 19811 405716 6 API calls 19808->19811 19809->19800 19810->19809 19825 406bc7 19810->19825 19811->19810 19814 406ac7 19813->19814 19815 406aaf GetStringTypeW 19813->19815 19817 406af2 GetStringTypeA 19814->19817 19818 406b16 19814->19818 19815->19814 19816 406acb GetStringTypeA 19815->19816 19816->19814 19819 406bb3 19816->19819 19817->19819 19818->19819 19821 406b2c MultiByteToWideChar 19818->19821 19819->19806 19821->19819 19822 406b50 19821->19822 19822->19819 19823 406b8a MultiByteToWideChar 19822->19823 19823->19819 19824 406ba3 GetStringTypeW 19823->19824 19824->19819 19826 406bf7 LCMapStringW 19825->19826 19827 406c13 19825->19827 19826->19827 19828 406c1b LCMapStringA 19826->19828 19829 406c79 19827->19829 19830 406c5c LCMapStringA 19827->19830 19828->19827 19831 406d55 19828->19831 19829->19831 19832 406c8f MultiByteToWideChar 19829->19832 19830->19831 19831->19809 19832->19831 19833 406cb9 19832->19833 19833->19831 19834 406cef MultiByteToWideChar 19833->19834 19834->19831 19835 406d08 LCMapStringW 19834->19835 19835->19831 19836 406d23 19835->19836 19837 406d29 19836->19837 19839 406d69 19836->19839 19837->19831 19838 406d37 LCMapStringW 19837->19838 19838->19831 19839->19831 19840 406da1 LCMapStringW 19839->19840 19840->19831 19841 406db9 WideCharToMultiByte 19840->19841 19841->19831 
19844 403371 12 API calls 19843->19844 19845 40336e 19844->19845 19845->19702 19846 403316 19845->19846 19847 403324 19846->19847 19848 40331f 19846->19848 19858 4045cd 19847->19858 19852 404594 19848->19852 19853 40459e 19852->19853 19854 4045cb 19853->19854 19855 4045cd 7 API calls 19853->19855 19854->19847 19856 4045b5 19855->19856 19857 4045cd 7 API calls 19856->19857 19857->19854 19860 4045e0 19858->19860 19859 4046f7 19863 40470a GetStdHandle WriteFile 19859->19863 19860->19859 19861 404620 19860->19861 19866 40332d 19860->19866 19862 40462c GetModuleFileNameA 19861->19862 19861->19866 19864 404644 19862->19864 19863->19866 19867 4068e8 19864->19867 19866->19702 19868 4068f5 LoadLibraryA 19867->19868 19870 406937 19867->19870 19869 406906 GetProcAddress 19868->19869 19868->19870 19869->19870 19871 40691d GetProcAddress GetProcAddress 19869->19871 19870->19866 19871->19870 19873 40652d 19872->19873 19874 406534 19872->19874 19876 406160 19873->19876 19874->19738 19883 4062f9 19876->19883 19878 4062ed 19878->19874 19881 4061a3 GetCPInfo 19882 4061b7 19881->19882 19882->19878 19888 40639f GetCPInfo 19882->19888 19884 406319 19883->19884 19885 406309 GetOEMCP 19883->19885 19886 406171 19884->19886 19887 40631e GetACP 19884->19887 19885->19884 19886->19878 19886->19881 19886->19882 19887->19886 19889 40648a 19888->19889 19893 4063c2 19888->19893 19889->19878 19890 406a7e 6 API calls 19891 40643e 19890->19891 19892 406bc7 9 API calls 19891->19892 19894 406462 19892->19894 19893->19890 19895 406bc7 9 API calls 19894->19895 19895->19889 19897 403989 GetCurrentProcess TerminateProcess 19896->19897 19898 40399a 19896->19898 19897->19898 19899 4032f7 19898->19899 19900 403a04 ExitProcess 19898->19900 19899->19771 19901 2d7f9b2 LoadLibraryA 19902 2d7fa95 19901->19902 19903 2d7f9db GetProcAddress 19901->19903 19904 2d7fa8e FreeLibrary 19903->19904 19907 2d7f9ef 19903->19907 19904->19902 19905 2d7fa01 GetAdaptersInfo 19905->19907 19906 2d7fa89 19906->19904 19907->19905 
19907->19906 19909 2d83b5c 19907->19909 19912 2d83b64 19909->19912 19910 2d82fbc _malloc 59 API calls 19910->19912 19911 2d83b7e 19911->19907 19912->19910 19912->19911 19913 2d88213 __calloc_impl RtlDecodePointer 19912->19913 19914 2d83b82 std::exception::exception 19912->19914 19913->19912 19917 2d8456a 19914->19917 19916 2d83bac 19919 2d84589 RaiseException 19917->19919 19919->19916 19920 2db5c7e 19921 2dfe1e6 CreateFileA 19920->19921 19922 2d77bb1 19925 2d77bb8 19922->19925 19946 2d766f4 __gmtime64_s 19922->19946 19924 2d82f84 59 API calls _free 19924->19946 19926 2d7670e RtlEnterCriticalSection RtlLeaveCriticalSection 19926->19946 19927 2d76708 Sleep 19927->19926 19928 2d772ab InternetOpenA 19929 2d772c9 InternetSetOptionA InternetSetOptionA InternetSetOptionA 19928->19929 19928->19946 19934 2d77342 __gmtime64_s 19929->19934 19930 2d77322 InternetOpenUrlA 19931 2d77382 InternetCloseHandle 19930->19931 19930->19934 19931->19946 19932 2d77346 InternetReadFile 19933 2d77377 InternetCloseHandle 19932->19933 19932->19934 19933->19931 19934->19930 19934->19932 19935 2d773e9 RtlEnterCriticalSection RtlLeaveCriticalSection 19967 2d8234c 19935->19967 19937 2d8234c 66 API calls 19937->19946 19938 2d82fbc _malloc 59 API calls 19939 2d7749d RtlEnterCriticalSection RtlLeaveCriticalSection 19938->19939 19939->19946 19940 2d7776a RtlEnterCriticalSection RtlLeaveCriticalSection 19940->19946 19942 2d82fbc 59 API calls _malloc 19942->19946 19945 2d778e2 RtlEnterCriticalSection 19945->19946 19947 2d7790f RtlLeaveCriticalSection 19945->19947 19946->19924 19946->19926 19946->19927 19946->19928 19946->19935 19946->19937 19946->19938 19946->19940 19946->19942 19946->19945 19946->19947 19952 2d835f6 60 API calls _strtok 19946->19952 19954 2d83b5c _Allocate 60 API calls 19946->19954 19957 2d7a730 73 API calls 19946->19957 19963 2d776ec Sleep 19946->19963 19965 2d776e7 shared_ptr 19946->19965 19977 2d7a85a 19946->19977 19981 2d75119 19946->19981 20010 2d7ac1a 19946->20010 20020 2d761f5 
19946->20020 20023 2d82428 19946->20023 20032 2d71ba7 19946->20032 20048 2d73d7e 19946->20048 20055 2d78346 19946->20055 20061 2d7d122 19946->20061 20066 2d783f5 19946->20066 20074 2d733b2 19946->20074 20081 2d82860 19946->20081 20084 2d79742 19946->20084 20099 2d7900e 19946->20099 20106 2d7534d 19946->20106 20041 2d73c67 19947->20041 19952->19946 19954->19946 19957->19946 20091 2d81900 19963->20091 19965->19946 19965->19963 20095 2d74100 19965->20095 19968 2d82358 19967->19968 19969 2d8237b 19967->19969 19968->19969 19970 2d8235e 19968->19970 20116 2d82393 19969->20116 19972 2d85e6b __write 59 API calls 19970->19972 19974 2d82363 19972->19974 19973 2d8238e 19973->19946 19975 2d84f05 __write 9 API calls 19974->19975 19976 2d8236e 19975->19976 19976->19946 19978 2d7a864 __EH_prolog 19977->19978 20126 2d7e00b 19978->20126 19980 2d7a882 shared_ptr 19980->19946 19982 2d75123 __EH_prolog 19981->19982 20130 2d80b20 19982->20130 19985 2d73c67 72 API calls 19986 2d7514a 19985->19986 19987 2d73d7e 64 API calls 19986->19987 19988 2d75158 19987->19988 19989 2d78346 89 API calls 19988->19989 19990 2d7516c 19989->19990 19991 2d75322 shared_ptr 19990->19991 20134 2d7a730 19990->20134 19991->19946 19994 2d751f6 19997 2d7a730 73 API calls 19994->19997 19995 2d751c4 19996 2d7a730 73 API calls 19995->19996 19998 2d751d4 19996->19998 19999 2d75207 19997->19999 19998->19991 20001 2d7a730 73 API calls 19998->20001 19999->19991 20000 2d7a730 73 API calls 19999->20000 20002 2d7524a 20000->20002 20003 2d752b4 20001->20003 20002->19991 20004 2d7a730 73 API calls 20002->20004 20003->19991 20005 2d7a730 73 API calls 20003->20005 20004->19998 20006 2d752da 20005->20006 20006->19991 20007 2d7a730 73 API calls 20006->20007 20008 2d75304 20007->20008 20139 2d7cee4 20008->20139 20011 2d7ac24 __EH_prolog 20010->20011 20190 2d7d0f9 20011->20190 20013 2d7ac45 shared_ptr 20193 2d82100 20013->20193 20015 2d7ac5c 20016 2d7ac72 20015->20016 20199 2d73fb0 20015->20199 20016->19946 20021 2d82fbc _malloc 
59 API calls 20020->20021 20022 2d76208 20021->20022 20024 2d82459 20023->20024 20025 2d82444 20023->20025 20024->20025 20027 2d82460 20024->20027 20026 2d85e6b __write 59 API calls 20025->20026 20028 2d82449 20026->20028 20030 2d82454 20027->20030 20641 2d85f11 20027->20641 20029 2d84f05 __write 9 API calls 20028->20029 20029->20030 20030->19946 20842 2d95400 20032->20842 20034 2d71bb1 RtlEnterCriticalSection 20035 2d71be9 RtlLeaveCriticalSection 20034->20035 20037 2d71bd1 20034->20037 20843 2d7e33b 20035->20843 20037->20035 20038 2d71c55 RtlLeaveCriticalSection 20037->20038 20038->19946 20039 2d71c22 20039->20038 20042 2d80b20 Mailbox 68 API calls 20041->20042 20043 2d73c7e 20042->20043 20925 2d73ca2 20043->20925 20049 2d73dcb htons 20048->20049 20050 2d73d99 htons 20048->20050 20958 2d73c16 20049->20958 20952 2d73bd3 20050->20952 20054 2d73ded 20054->19946 20056 2d7835e 20055->20056 20059 2d7837f 20055->20059 20989 2d79608 20056->20989 20060 2d783a4 20059->20060 20992 2d72ac7 20059->20992 20060->19946 20062 2d80b20 Mailbox 68 API calls 20061->20062 20064 2d7d138 20062->20064 20063 2d7d226 20063->19946 20064->20063 20065 2d72db5 73 API calls 20064->20065 20065->20064 20067 2d78410 WSASetLastError shutdown 20066->20067 20068 2d78400 20066->20068 20070 2d7a514 69 API calls 20067->20070 20069 2d80b20 Mailbox 68 API calls 20068->20069 20073 2d78405 20069->20073 20071 2d7842d 20070->20071 20072 2d80b20 Mailbox 68 API calls 20071->20072 20071->20073 20072->20073 20073->19946 20075 2d733c4 InterlockedCompareExchange 20074->20075 20076 2d733e1 20074->20076 20075->20076 20077 2d733d6 20075->20077 20078 2d729ee 76 API calls 20076->20078 21086 2d732ab 20077->21086 20080 2d733f1 20078->20080 20080->19946 21139 2d8287e 20081->21139 20083 2d82879 20083->19946 20085 2d7974c __EH_prolog 20084->20085 20086 2d71ba7 210 API calls 20085->20086 20088 2d797a1 20086->20088 20087 2d797be RtlEnterCriticalSection 20089 2d797dc RtlLeaveCriticalSection 20087->20089 20090 2d797d9 
20087->20090 20088->20087 20089->19946 20090->20089 20092 2d8190d 20091->20092 20093 2d81931 20091->20093 20092->20093 20094 2d81921 GetProcessHeap HeapFree 20092->20094 20093->19965 20094->20093 20096 2d74112 20095->20096 20097 2d74118 20095->20097 21145 2d7a70e 20096->21145 20097->19965 20100 2d79018 __EH_prolog 20099->20100 21147 2d7373f 20100->21147 20102 2d79032 RtlEnterCriticalSection 20103 2d79041 RtlLeaveCriticalSection 20102->20103 20105 2d7907b 20103->20105 20105->19946 20107 2d82fbc _malloc 59 API calls 20106->20107 20108 2d75362 SHGetSpecialFolderPathA 20107->20108 20109 2d75378 20108->20109 21156 2d83781 20109->21156 20113 2d753dc 21172 2d83a94 20113->21172 20115 2d753e2 20115->19946 20117 2d8228b _LocaleUpdate::_LocaleUpdate 59 API calls 20116->20117 20118 2d823a7 20117->20118 20119 2d823b5 20118->20119 20125 2d823cc 20118->20125 20120 2d85e6b __write 59 API calls 20119->20120 20121 2d823ba 20120->20121 20122 2d84f05 __write 9 API calls 20121->20122 20124 2d823c5 ___ascii_stricmp 20122->20124 20123 2d8598a 66 API calls __tolower_l 20123->20125 20124->19973 20125->20123 20125->20124 20127 2d7e015 __EH_prolog 20126->20127 20128 2d83b5c _Allocate 60 API calls 20127->20128 20129 2d7e02c 20128->20129 20129->19980 20131 2d80b49 20130->20131 20132 2d7513d 20130->20132 20133 2d833b4 __cinit 68 API calls 20131->20133 20132->19985 20133->20132 20135 2d80b20 Mailbox 68 API calls 20134->20135 20137 2d7a74a 20135->20137 20136 2d7519d 20136->19991 20136->19994 20136->19995 20137->20136 20144 2d72db5 20137->20144 20140 2d80b20 Mailbox 68 API calls 20139->20140 20143 2d7cefe 20140->20143 20141 2d7d00d 20141->19991 20143->20141 20171 2d72b95 20143->20171 20145 2d72de4 20144->20145 20146 2d72dca 20144->20146 20147 2d72dfc 20145->20147 20149 2d72def 20145->20149 20148 2d80b20 Mailbox 68 API calls 20146->20148 20158 2d72d39 WSASetLastError WSASend 20147->20158 20151 2d72dcf 20148->20151 20152 2d80b20 Mailbox 68 API calls 20149->20152 20151->20137 20152->20151 20153 
2d80b20 68 API calls Mailbox 20154 2d72e0c 20153->20154 20154->20151 20154->20153 20155 2d72e54 WSASetLastError select 20154->20155 20157 2d72d39 71 API calls 20154->20157 20168 2d7a514 20155->20168 20157->20154 20159 2d7a514 69 API calls 20158->20159 20160 2d72d6e 20159->20160 20161 2d72d75 20160->20161 20162 2d72d82 20160->20162 20163 2d80b20 Mailbox 68 API calls 20161->20163 20164 2d80b20 Mailbox 68 API calls 20162->20164 20166 2d72d7a 20162->20166 20163->20166 20164->20166 20165 2d80b20 Mailbox 68 API calls 20167 2d72d9c 20165->20167 20166->20165 20166->20167 20167->20154 20169 2d80b20 Mailbox 68 API calls 20168->20169 20170 2d7a520 WSAGetLastError 20169->20170 20170->20154 20172 2d72bc7 20171->20172 20173 2d72bb1 20171->20173 20176 2d72bd2 20172->20176 20184 2d72bdf 20172->20184 20174 2d80b20 Mailbox 68 API calls 20173->20174 20175 2d72bb6 20174->20175 20175->20143 20178 2d80b20 Mailbox 68 API calls 20176->20178 20177 2d72be2 WSASetLastError WSARecv 20179 2d7a514 69 API calls 20177->20179 20178->20175 20179->20184 20180 2d72d22 20186 2d71996 20180->20186 20182 2d72cbc WSASetLastError select 20183 2d7a514 69 API calls 20182->20183 20183->20184 20184->20175 20184->20177 20184->20180 20184->20182 20185 2d80b20 68 API calls Mailbox 20184->20185 20185->20184 20187 2d7199f 20186->20187 20188 2d719bb 20186->20188 20189 2d833b4 __cinit 68 API calls 20187->20189 20188->20175 20189->20188 20212 2d7e28b 20190->20212 20192 2d7d10b 20192->20013 20293 2d833c9 20193->20293 20196 2d82124 20196->20015 20197 2d8214d ResumeThread 20197->20015 20198 2d82146 CloseHandle 20198->20197 20200 2d80b20 Mailbox 68 API calls 20199->20200 20201 2d73fb8 20200->20201 20612 2d71815 20201->20612 20204 2d7a696 20205 2d7a6a0 __EH_prolog 20204->20205 20618 2d7cc4e 20205->20618 20210 2d8456a __CxxThrowException@8 RaiseException 20211 2d7a6d4 20210->20211 20213 2d7e295 __EH_prolog 20212->20213 20218 2d74030 20213->20218 20217 2d7e2c3 20217->20192 20230 2d95400 20218->20230 20220 2d7403a 
GetProcessHeap RtlAllocateHeap 20221 2d74053 std::exception::exception 20220->20221 20222 2d7407c 20220->20222 20231 2d7a6d5 20221->20231 20222->20217 20224 2d7408a 20222->20224 20225 2d74094 __EH_prolog 20224->20225 20275 2d7a2f4 20225->20275 20230->20220 20232 2d7a6df __EH_prolog 20231->20232 20239 2d7cc84 20232->20239 20237 2d8456a __CxxThrowException@8 RaiseException 20238 2d7a70d 20237->20238 20245 2d7d7e4 20239->20245 20242 2d7cc9e 20267 2d7d81c 20242->20267 20244 2d7a6fc 20244->20237 20248 2d82523 20245->20248 20251 2d82551 20248->20251 20252 2d8255f 20251->20252 20255 2d7a6ee 20251->20255 20257 2d825e7 20252->20257 20255->20242 20258 2d825f0 20257->20258 20260 2d82564 20257->20260 20259 2d82f84 _free 59 API calls 20258->20259 20259->20260 20260->20255 20261 2d825a9 20260->20261 20262 2d825b5 _strlen 20261->20262 20265 2d825da 20261->20265 20263 2d82fbc _malloc 59 API calls 20262->20263 20264 2d825c7 20263->20264 20264->20265 20266 2d86ccc __fltout2 59 API calls 20264->20266 20265->20255 20266->20265 20268 2d7d826 __EH_prolog 20267->20268 20271 2d7b747 20268->20271 20270 2d7d85d Mailbox 20270->20244 20272 2d7b751 __EH_prolog 20271->20272 20273 2d82523 std::exception::exception 59 API calls 20272->20273 20274 2d7b762 Mailbox 20273->20274 20274->20270 20286 2d7b10b 20275->20286 20277 2d740c1 20278 2d73fdc 20277->20278 20292 2d95400 20278->20292 20280 2d73fe6 CreateEventA 20281 2d7400f 20280->20281 20282 2d73ffd 20280->20282 20281->20217 20283 2d73fb0 Mailbox 68 API calls 20282->20283 20284 2d74005 20283->20284 20285 2d7a696 Mailbox 60 API calls 20284->20285 20285->20281 20287 2d7b117 20286->20287 20289 2d7b127 std::exception::exception 20286->20289 20288 2d83b5c _Allocate 60 API calls 20287->20288 20287->20289 20288->20289 20289->20277 20290 2d8456a __CxxThrowException@8 RaiseException 20289->20290 20291 2d7fb3c 20290->20291 20292->20280 20294 2d833eb 20293->20294 20295 2d833d7 20293->20295 20297 2d88a7c __calloc_crt 59 API calls 20294->20297 20296 2d85e6b 
__write 59 API calls 20295->20296 20298 2d833dc 20296->20298 20299 2d833f8 20297->20299 20300 2d84f05 __write 9 API calls 20298->20300 20301 2d83449 20299->20301 20303 2d85c6a FindHandlerForForeignException 59 API calls 20299->20303 20306 2d8211b 20300->20306 20302 2d82f84 _free 59 API calls 20301->20302 20304 2d8344f 20302->20304 20305 2d83405 20303->20305 20304->20306 20312 2d85e4a 20304->20312 20307 2d85cf1 __initptd 59 API calls 20305->20307 20306->20196 20306->20197 20306->20198 20309 2d8340e CreateThread 20307->20309 20309->20306 20311 2d83441 GetLastError 20309->20311 20320 2d83529 20309->20320 20311->20301 20317 2d85e37 20312->20317 20314 2d85e53 _free 20315 2d85e6b __write 59 API calls 20314->20315 20316 2d85e66 20315->20316 20316->20306 20318 2d85c82 __getptd_noexit 59 API calls 20317->20318 20319 2d85e3c 20318->20319 20319->20314 20321 2d83532 __threadstartex@4 20320->20321 20322 2d891db __threadstartex@4 TlsGetValue 20321->20322 20323 2d83538 20322->20323 20324 2d8356b 20323->20324 20325 2d8353f __threadstartex@4 20323->20325 20326 2d85aff __freefls@4 59 API calls 20324->20326 20327 2d891fa __threadstartex@4 TlsSetValue 20325->20327 20330 2d83586 ___crtIsPackagedApp 20326->20330 20328 2d8354e 20327->20328 20331 2d83561 GetCurrentThreadId 20328->20331 20332 2d83554 GetLastError RtlExitUserThread 20328->20332 20329 2d8359a 20342 2d83462 20329->20342 20330->20329 20336 2d834d1 20330->20336 20331->20330 20332->20331 20337 2d834da LoadLibraryExW GetProcAddress 20336->20337 20338 2d83513 RtlDecodePointer 20336->20338 20339 2d834fc 20337->20339 20340 2d834fd RtlEncodePointer 20337->20340 20341 2d83523 20338->20341 20339->20329 20340->20338 20341->20329 20343 2d8346e __write 20342->20343 20344 2d85c6a FindHandlerForForeignException 59 API calls 20343->20344 20345 2d83473 20344->20345 20352 2d82170 20345->20352 20370 2d81620 20352->20370 20355 2d821b8 TlsSetValue 20356 2d821c0 20355->20356 20392 2d7ddbf 20356->20392 20383 2d81684 20370->20383 20371 2d8169c 20374 
2d816de ResetEvent 20371->20374 20379 2d816b5 OpenEventA 20371->20379 20408 2d81c20 20371->20408 20372 2d81700 20373 2d81716 20372->20373 20375 2d81713 CloseHandle 20372->20375 20376 2d8455b __fltout2 6 API calls 20373->20376 20377 2d816e5 20374->20377 20375->20373 20380 2d8172e 20376->20380 20412 2d81860 20377->20412 20378 2d817ac WaitForSingleObject 20378->20383 20381 2d816cf 20379->20381 20382 2d816d7 20379->20382 20380->20355 20380->20356 20381->20382 20385 2d816d4 CloseHandle 20381->20385 20382->20374 20382->20377 20383->20371 20383->20372 20383->20378 20386 2d81780 CreateEventA 20383->20386 20388 2d81c20 GetCurrentProcessId 20383->20388 20390 2d8179e CloseHandle 20383->20390 20385->20382 20386->20383 20387 2d816b2 20387->20379 20388->20383 20390->20383 20393 2d7dde1 20392->20393 20423 2d74d86 20393->20423 20394 2d7dde4 20396 2d81f40 20394->20396 20397 2d81f79 TlsGetValue 20396->20397 20399 2d81f71 Mailbox 20396->20399 20397->20399 20398 2d81fed 20400 2d82016 20398->20400 20404 2d8200e GetProcessHeap HeapFree 20398->20404 20399->20398 20401 2d81fc9 20399->20401 20403 2d82059 GetProcessHeap HeapFree 20399->20403 20407 2d8204b GetProcessHeap HeapFree 20399->20407 20402 2d81620 17 API calls 20401->20402 20403->20399 20404->20400 20407->20403 20422 2d80c80 20408->20422 20410 2d81c72 GetCurrentProcessId 20411 2d81c85 20410->20411 20411->20387 20413 2d8186f 20412->20413 20416 2d818a5 CreateEventA 20413->20416 20417 2d81c20 GetCurrentProcessId 20413->20417 20419 2d818c7 20413->20419 20414 2d816fd 20414->20372 20415 2d818d3 SetEvent 20415->20414 20418 2d818bb 20416->20418 20416->20419 20420 2d818a2 20417->20420 20418->20419 20421 2d818c0 CloseHandle 20418->20421 20419->20414 20419->20415 20420->20416 20421->20419 20422->20410 20424 2d74d90 __EH_prolog 20423->20424 20425 2d80b20 Mailbox 68 API calls 20424->20425 20426 2d74da6 RtlEnterCriticalSection RtlLeaveCriticalSection 20425->20426 20427 2d750d4 shared_ptr 20426->20427 20440 2d74dd1 
std::bad_exception::bad_exception 20426->20440 20427->20394 20429 2d750a1 RtlEnterCriticalSection RtlLeaveCriticalSection 20430 2d750b3 RtlEnterCriticalSection RtlLeaveCriticalSection 20429->20430 20430->20427 20430->20440 20431 2d7a730 73 API calls 20431->20440 20433 2d74e8d RtlEnterCriticalSection RtlLeaveCriticalSection 20434 2d74e9f RtlEnterCriticalSection RtlLeaveCriticalSection 20433->20434 20434->20440 20435 2d7cee4 73 API calls 20435->20440 20440->20429 20440->20430 20440->20431 20440->20433 20440->20434 20440->20435 20441 2d81900 2 API calls 20440->20441 20442 2d74100 2 API calls 20440->20442 20443 2d74bed 20440->20443 20467 2d77d2f 20440->20467 20471 2d7d016 20440->20471 20477 2d77d09 20440->20477 20480 2d7a9bd 20440->20480 20492 2d7aa95 20440->20492 20441->20440 20442->20440 20444 2d74bf7 __EH_prolog 20443->20444 20445 2d71ba7 209 API calls 20444->20445 20446 2d74c31 20445->20446 20504 2d73a94 20446->20504 20468 2d77d4b 20467->20468 20565 2d790bd 20468->20565 20473 2d7d020 __EH_prolog 20471->20473 20472 2d7d049 20474 2d7d08e 20472->20474 20579 2d788a2 20472->20579 20473->20472 20572 2d79229 20473->20572 20474->20440 20586 2d78903 20477->20586 20481 2d7a9c7 __EH_prolog 20480->20481 20482 2d77d09 std::bad_exception::bad_exception 60 API calls 20481->20482 20483 2d7a9e3 20482->20483 20484 2d77d09 std::bad_exception::bad_exception 60 API calls 20483->20484 20493 2d7aa9f __EH_prolog 20492->20493 20601 2d7d0a1 20493->20601 20566 2d790cd 20565->20566 20567 2d790d1 20566->20567 20568 2d790ed 20566->20568 20573 2d79235 20572->20573 20574 2d79281 20572->20574 20577 2d79ae4 std::bad_exception::bad_exception 60 API calls 20573->20577 20578 2d79243 std::bad_exception::bad_exception 20573->20578 20575 2d7fb3d std::bad_exception::bad_exception 60 API calls 20574->20575 20577->20578 20578->20472 20580 2d788f8 20579->20580 20581 2d788b8 20579->20581 20587 2d7898c 20586->20587 20588 2d78918 20586->20588 20591 2d7fb6b std::bad_exception::bad_exception 60 API calls 
[Call-graph residue: the rest of the function call graph, rendered by the report viewer as node/edge numbers 20587 through 21475, is not meaningfully recoverable as a graph. The API names that survive in it are, for the dumped module at 02D71000: a statically linked MSVC CRT (__write, __flsbuf, __lseeki64_nolock, ___lock_fhandle, __openfile, _LocaleUpdate, RtlEnterCriticalSection/RtlLeaveCriticalSection, InitializeCriticalSectionAndSpinCount, WriteFile, GetConsoleMode, GetConsoleCP, WideCharToMultiByte, MultiByteToWideChar, WriteConsoleW, CreateFileW, SetFilePointerEx, SetStdHandle, AreFileApisANSI); C++ exception plumbing (std::exception, std::bad_exception, __CxxThrowException@8 via RaiseException); timer, event and thread setup (CreateWaitableTimerA, SetWaitableTimer, CreateEventA, WaitForSingleObject, CloseHandle, __beginthreadex); a Winsock layer (WSASetLastError, WSAStringToAddressA, htonl, WSASocketA, WSAGetLastError, setsockopt, getsockopt, ioctlsocket, connect, select, closesocket, CreateIoCompletionPort, PostQueuedCompletionStatus, InterlockedExchange, InterlockedCompareExchange); heap use (GetProcessHeap, HeapFree); and one routine at 2d7f8ae that opens a handle with CreateFileA and issues DeviceIoControl on it in a loop, consistent with the "communicate with device drivers" signature in the overview. For the original image at 0x400000 the graph shows CreateDirectoryA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, DnsQuery_A, CreateFileA, Sleep, LoadLibraryExA, VirtualAlloc, GetLastError and a resource loader (FindResourceA, SizeofResource, LoadResource, LockResource, GlobalAlloc, GetTickCount, GlobalAlloc).]

                                                      Control-flow Graph (function at 02D772AB; the rendered graph and its Executed / Not Executed colouring are reduced here to a basic-block summary)
                                                      Entry 2d772ab-2d772c3: InternetOpenA. On a valid session, 2d772c9-2d77340: InternetSetOptionA x3, call 2d84b00, InternetOpenUrlA; 2d77346-2d7736c: InternetReadFile, looping back on itself via 2d7736e-2d77375 until the read path falls through to InternetCloseHandle on the request (2d77377-2d7737e) and on the session (2d77382-2d77383). The outer loop 2d766f4-2d76742 sleeps at 2d76708 (Sleep) and takes and releases the critical section before re-entering 2d772ab via 2d76796. After a successful fetch, 2d773bf-2d773e3 (call 2d84b00, call 2d7439c) and 2d773e9-2d77417 (critical section, call 2d8234c) start a chain of 2d8234c comparisons at 2d77419, 2d7742d, 2d77441, 2d77455, 2d7746d, 2d77742, 2d7779d, 2d777d0 and 2d77b00, each branching to a handler: 2d77496-2d77548 (_malloc, critical section, five 2d84b00 and two 2d7439c calls); 2d77585-2d775f8 (_malloc, _strtok, _swscanf, _strtok, _free, then 2d77607-2d77731 with 2d83b5c, 2d7a85a, 2d73863, 2d75119, 2d7ab00, 2d7ac1a, Sleep at 2d776f1 and 2d81900); 2d7775a-2d77798 (2d84b00, critical section); 2d777b1-2d777cb (2d761f5, 2d76303, 2d7640e); 2d777f0-2d77807 (2d7439c, then 2d7780d-2d778db with 2d82428 and 2d71ba7, a critical-section region at 2d778e2-2d77973 with 2d73c67, 2d73d7e and 2d78346, and 2d7a730 loops at 2d77979, 2d779d8 and 2d77a39 ending in 2d7d122, 2d783f5, 2d733b2 and 2d7900e); and 2d77b18-2d77b46 (2d82fbc, 2d84b00, 2d7439c, then 2d7534d or _free at 2d77b4f). Every handler returns to the 2d766f4 sleep loop.
                                                      APIs
                                                      • Sleep.KERNEL32(0000EA60), ref: 02D76708
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D76713
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D76724
                                                      • InternetOpenA.WININET(?), ref: 02D772B5
                                                      • InternetSetOptionA.WININET(00000000,00000002,?), ref: 02D772DD
                                                      • InternetSetOptionA.WININET(00000000,00000005,00001388,00000004), ref: 02D772F5
                                                      • InternetSetOptionA.WININET(00000000,00000006,00001388,00000004), ref: 02D7730D
                                                      • InternetOpenUrlA.WININET(00000000,?,?,000000FF,04000200), ref: 02D77336
                                                      • InternetReadFile.WININET(00000000,?,00001000,?), ref: 02D77358
                                                      • InternetCloseHandle.WININET(00000000), ref: 02D77378
                                                      • InternetCloseHandle.WININET(00000000), ref: 02D77383
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D773EE
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D773FF
                                                      • _malloc.LIBCMT ref: 02D77498
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D774AA
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D774B6
                                                      • _malloc.LIBCMT ref: 02D7758E
                                                      • _strtok.LIBCMT ref: 02D775BF
                                                      • _swscanf.LIBCMT ref: 02D775D6
                                                      • _strtok.LIBCMT ref: 02D775ED
                                                      • _free.LIBCMT ref: 02D775F9
                                                      • Sleep.KERNEL32(000007D0), ref: 02D776F1
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D77772
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D77784
                                                      • _sprintf.LIBCMT ref: 02D77822
                                                      • RtlEnterCriticalSection.NTDLL(00000020), ref: 02D778E6
                                                      • RtlLeaveCriticalSection.NTDLL(00000020), ref: 02D7791A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$Internet$EnterLeave$Option$CloseHandleOpenSleep_malloc_strtok$FileRead_free_sprintf_swscanf
                                                      • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls$urls
                                                      • API String ID: 1657546717-1839899575
                                                      • Opcode ID: fb2c93a18384f4a967f6f0e5752b3c66e9672fac6cf1b9e9223ae55c197403f7
                                                      • Instruction ID: c598fd10b0234eeddbc31fad9e849e5d409f6887a309ceb99c10195e342750a0
                                                      • Opcode Fuzzy Hash: fb2c93a18384f4a967f6f0e5752b3c66e9672fac6cf1b9e9223ae55c197403f7
                                                      • Instruction Fuzzy Hash: 5632DF716483819FE724AB24D854BAFB7E6EF85314F10081DF98997391FB789C04CB62

                                                      Control-flow Graph

                                                      APIs
                                                      • RtlInitializeCriticalSection.NTDLL(02DA71E0), ref: 02D764BA
                                                      • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02D764D1
                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D764DA
                                                      • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02D764E9
                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D764EC
                                                      • GetTickCount.KERNEL32 ref: 02D764F8
                                                        • Part of subcall function 02D7605A: _malloc.LIBCMT ref: 02D76068
                                                      • GetVersionExA.KERNEL32(02DA7038), ref: 02D76525
                                                      • _malloc.LIBCMT ref: 02D76551
                                                        • Part of subcall function 02D82FBC: __FF_MSGBANNER.LIBCMT ref: 02D82FD3
                                                        • Part of subcall function 02D82FBC: __NMSG_WRITE.LIBCMT ref: 02D82FDA
                                                        • Part of subcall function 02D82FBC: RtlAllocateHeap.NTDLL(00830000,00000000,00000001), ref: 02D82FFF
                                                      • _malloc.LIBCMT ref: 02D76561
                                                      • _malloc.LIBCMT ref: 02D7656C
                                                      • _malloc.LIBCMT ref: 02D76577
                                                      • _malloc.LIBCMT ref: 02D76582
                                                      • _malloc.LIBCMT ref: 02D7658D
                                                      • _malloc.LIBCMT ref: 02D76598
                                                      • _malloc.LIBCMT ref: 02D765A7
                                                      • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02D765BE
                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D765C7
                                                      • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02D765D6
                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D765D9
                                                      • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02D765E4
                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D765E7
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D76621
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D7662E
                                                      • _malloc.LIBCMT ref: 02D76652
                                                      • _malloc.LIBCMT ref: 02D76660
                                                      • _malloc.LIBCMT ref: 02D76667
                                                      • _malloc.LIBCMT ref: 02D7668D
                                                      • QueryPerformanceCounter.KERNEL32(00000200), ref: 02D766A0
                                                      • Sleep.KERNEL32 ref: 02D766AE
                                                      • _malloc.LIBCMT ref: 02D766BA
                                                      • _malloc.LIBCMT ref: 02D766C7
                                                      • Sleep.KERNEL32(0000EA60), ref: 02D76708
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D76713
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D76724
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _malloc$Heap$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                      • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$cid=%.8x&connected=%d&sport=%d&high_port=%x&low_port=%x&stream=%d&os=%d.%d.%04d&dgt=%d&dti=%d$ntdll.dll$sprintf$strcat
                                                      • API String ID: 4273019447-2678694477
                                                      • Opcode ID: 36795f0ca503c47ecd453650a5819b91d5098c1faa99223138b9a1dc2fc7a2f8
                                                      • Instruction ID: ded41481ed9a7953d58184d7cd646ec7f018672d35a76f245096c8d153f56532
                                                      • Opcode Fuzzy Hash: 36795f0ca503c47ecd453650a5819b91d5098c1faa99223138b9a1dc2fc7a2f8
                                                      • Instruction Fuzzy Hash: 85713DB1D44350AFE3107B75AC49B5BBBE9EB45750F11481DFA8497381EBB89C00CBA6

                                                      Control-flow Graph

                                                      APIs
                                                      • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 00401B5D
                                                      • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
                                                      • GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
                                                      • FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                      • String ID: GetAdaptersInfo$iphlpapi.dll$o
                                                      • API String ID: 514930453-3667123677
                                                      • Opcode ID: f6a3d4a546fe447aa090b4b337ce8e2c682d0eb15c8ca8dfe33d6ce67d69008a
                                                      • Instruction ID: a538f8a8679b9925356c4c7d9fe0bed0b0a0820a8f86c695c00da230608c3b9e
                                                      • Opcode Fuzzy Hash: f6a3d4a546fe447aa090b4b337ce8e2c682d0eb15c8ca8dfe33d6ce67d69008a
                                                      • Instruction Fuzzy Hash: FE21B870904209AEDF219FA5CD447EF7FB8EF45345F0440BAD604B22A1E7389E85CB69

                                                      Control-flow Graph

                                                      APIs
                                                      • FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
                                                      • GetLastError.KERNEL32 ref: 00401F86
                                                      • SizeofResource.KERNEL32(00000000), ref: 00401F93
                                                      • LoadResource.KERNEL32(00000000), ref: 00401FAD
                                                      • LockResource.KERNEL32(00000000), ref: 00401FB4
                                                      • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
                                                      • GetTickCount.KERNEL32 ref: 00401FFB
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00402061
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
                                                      • String ID:
                                                      • API String ID: 564119183-0
                                                      • Opcode ID: 78592008841833dc4a3c491277643ee8c1760502768a05008f4964f6f4ca3acf
                                                      • Instruction ID: a77b5dbc41acd1841a8a8b39c887614a858c704a1153a2713047522ce7334443
                                                      • Opcode Fuzzy Hash: 78592008841833dc4a3c491277643ee8c1760502768a05008f4964f6f4ca3acf
                                                      • Instruction Fuzzy Hash: 61314C31A00355AFDB105FB99F889AF7F78EF45344B14807AFA86F7281DA748845C7A8

                                                      Control-flow Graph

                                                      APIs
                                                      • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02D7F9C8
                                                      • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02D7F9E1
                                                      • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02D7FA06
                                                      • FreeLibrary.KERNEL32(00000000), ref: 02D7FA8F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                      • String ID: GetAdaptersInfo$iphlpapi.dll
                                                      • API String ID: 514930453-3114217049
                                                      • Opcode ID: fd1bcd01bae2d486e9564e84b9ffbf86c3bcb51cb7eb8974c92d6e4e8ed896ee
                                                      • Instruction ID: e1094994391f1fdcf206bb75cb525ff2672994ae9ccd44bb44f5d85381269db8
                                                      • Opcode Fuzzy Hash: fd1bcd01bae2d486e9564e84b9ffbf86c3bcb51cb7eb8974c92d6e4e8ed896ee
                                                      • Instruction Fuzzy Hash: 4221B971E082099FDB21DBA8D8846EEBBF9EF09314F1440A9E549E7711E7349D45CBA0

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02D7F8CD
                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02D7F90B
                                                      • GetLastError.KERNEL32 ref: 02D7F96C
                                                      • CloseHandle.KERNEL32(?), ref: 02D7F9A3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                      • String ID: \\.\PhysicalDrive0
                                                      • API String ID: 4026078076-1180397377
                                                      • Opcode ID: a5444de15adb9711656353e221f734cc2a5692c15e84ef11cdb53053d2756197
                                                      • Instruction ID: b184073e4d540f411164dc7a9d14fce4dd9b9b07a4976330b13343a8ce3ded25
                                                      • Opcode Fuzzy Hash: a5444de15adb9711656353e221f734cc2a5692c15e84ef11cdb53053d2756197
                                                      • Instruction Fuzzy Hash: 60319CB1E00219BFDB24DFA4D884AEEBBB9FF44714F20416AE519A7780E7745E05CB90

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
                                                      • DeviceIoControl.KERNEL32(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
                                                      • GetLastError.KERNEL32 ref: 00401B0E
                                                      • CloseHandle.KERNEL32(?), ref: 00401B3D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                      • String ID: \\.\PhysicalDrive0
                                                      • API String ID: 4026078076-1180397377
                                                      • Opcode ID: 5615ba990f0fe275dea84333be7d18dea40f1744691db02839f26b648948e018
                                                      • Instruction ID: 910dc0847f28e8ee35b02998416bdc4b897413fb4d2ac8f8b115ff7a722f769f
                                                      • Opcode Fuzzy Hash: 5615ba990f0fe275dea84333be7d18dea40f1744691db02839f26b648948e018
                                                      • Instruction Fuzzy Hash: D3316D71D01118EACB21AF95CD809EFBBB9FF45750F20407AE554B22A0E7785E45CB98

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02D71D11
                                                      • GetLastError.KERNEL32 ref: 02D71D23
                                                        • Part of subcall function 02D71712: __EH_prolog.LIBCMT ref: 02D71717
                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02D71D59
                                                      • GetLastError.KERNEL32 ref: 02D71D6B
                                                      • __beginthreadex.LIBCMT ref: 02D71DB1
                                                      • GetLastError.KERNEL32 ref: 02D71DC6
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D71DDD
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D71DEC
                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02D71E14
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D71E1B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                      • String ID: thread$thread.entry_event$thread.exit_event
                                                      • API String ID: 831262434-3017686385
                                                      • Opcode ID: 59a8765e64376dd3331cd0efdbd018e939d14c68a2960f8cdd48a5fab3128ded
                                                      • Instruction ID: 352820a2b1e10088e48c40152b82f02e4fac5583df27c90e67e4949660f463fd
                                                      • Opcode Fuzzy Hash: 59a8765e64376dd3331cd0efdbd018e939d14c68a2960f8cdd48a5fab3128ded
                                                      • Instruction Fuzzy Hash: D63169719003019FE700EF24C848B2BBBA9EB84714F104A6DF9598B390EB74DC49CFA2

                                                      Control-flow Graph

                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D74D8B
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D74DB7
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D74DC3
                                                        • Part of subcall function 02D74BED: __EH_prolog.LIBCMT ref: 02D74BF2
                                                        • Part of subcall function 02D74BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02D74CF2
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D74E93
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D74E99
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D74EA0
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D74EA6
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D750A7
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D750AD
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D750B8
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D750C1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                      • String ID:
                                                      • API String ID: 2062355503-0
                                                      • Opcode ID: 17ac635905a186553dc2632226da3695a22a5494d2a2689c8b1bfe569724163e
                                                      • Instruction ID: a873bbe86c21b4ed22d6dccecf0e73c672e2ac538d9d2ac725567c5f89647456
                                                      • Opcode Fuzzy Hash: 17ac635905a186553dc2632226da3695a22a5494d2a2689c8b1bfe569724163e
                                                      • Instruction Fuzzy Hash: C8B12B71D0025DDEEF11DFA4D844BEEBBB5EF04314F20405AE815A6280EB795E49CFA2

                                                      Control-flow Graph

                                                      APIs
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D72706
                                                      • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02D7272B
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02D95B63), ref: 02D72738
                                                        • Part of subcall function 02D71712: __EH_prolog.LIBCMT ref: 02D71717
                                                      • SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02D72778
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D727D9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                      • String ID: timer
                                                      • API String ID: 4293676635-1792073242
                                                      • Opcode ID: 7a62a5b6d3aded24ce5944387998d751190583b4127ee21850ed1bc7179ebfeb
                                                      • Instruction ID: d7f0630bf0c6caf8ed9f4db4d6326b9fcb07562795d22175b336d6da4fd661bb
                                                      • Opcode Fuzzy Hash: 7a62a5b6d3aded24ce5944387998d751190583b4127ee21850ed1bc7179ebfeb
                                                      • Instruction Fuzzy Hash: 6B319CB1904745AFD310DF25C948B16BBE8FB48724F104A2AF85983780E774EC04CFA5

                                                      Control-flow Graph

                                                      • Graph rendered as an image in the original; the flattened node/edge list is omitted. Function entry: 2d77b98. Basic blocks that call APIs: Sleep (2d76708), RtlEnterCriticalSection/RtlLeaveCriticalSection (2d7670e, 2d773e9, 2d77496, 2d7775a, 2d778e2/2d7790f), InternetOpenA (2d76796), InternetSetOptionA x3 followed by InternetOpenUrlA (2d772c9), InternetReadFile in a loop (2d77346), InternetCloseHandle (2d77377, 2d77382), Sleep (2d776ec).
                                                      APIs
                                                      • Sleep.KERNEL32(0000EA60), ref: 02D76708
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D76713
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D76724
                                                      • _free.LIBCMT ref: 02D77B50
                                                        • Part of subcall function 02D7534D: _malloc.LIBCMT ref: 02D7535D
                                                        • Part of subcall function 02D7534D: SHGetSpecialFolderPathA.SHELL32(00000000,00000000,00000023,00000000), ref: 02D7536F
                                                      Strings
                                                      • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02D76739
                                                      • urls, xrefs: 02D77B36
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterFolderLeavePathSleepSpecial_free_malloc
                                                      • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$urls
                                                      • API String ID: 685302717-4235545730
                                                      • Opcode ID: 2640e6d683ee8ca7cff570fb7cc2dec2012c095fec4c0bdeba74b15b7836fce5
                                                      • Instruction ID: f5525d00929a5f2fc1b339d2dec4e08d7a3d955ab4786de98df8336dda08fcc4
                                                      • Opcode Fuzzy Hash: 2640e6d683ee8ca7cff570fb7cc2dec2012c095fec4c0bdeba74b15b7836fce5
                                                      • Instruction Fuzzy Hash: ED11A0759487409BE710BB20AC04B6FB7E6AF85351F650828F5C5AB340FB79EC04CBA2

                                                      Control-flow Graph

                                                      • Graph rendered as an image in the original; the flattened node/edge list is omitted. Function entry: 2d77bb1. Basic blocks that call APIs: Sleep (2d76708), RtlEnterCriticalSection/RtlLeaveCriticalSection (2d7670e, 2d773e9, 2d77496, 2d7775a, 2d778e2/2d7790f), InternetOpenA (2d76796), InternetSetOptionA x3 followed by InternetOpenUrlA (2d772c9), InternetReadFile in a loop (2d77346), InternetCloseHandle (2d77377, 2d77382), Sleep (2d776ec).
                                                      APIs
                                                      • Sleep.KERNEL32(0000EA60), ref: 02D76708
                                                      • RtlEnterCriticalSection.NTDLL(02DA71E0), ref: 02D76713
                                                      • RtlLeaveCriticalSection.NTDLL(02DA71E0), ref: 02D76724
                                                      • _free.LIBCMT ref: 02D77B50
                                                      Strings
                                                      • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02D76739
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeaveSleep_free
                                                      • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                      • API String ID: 2653569029-1923541051
                                                      • Opcode ID: 014e669722ad61745bd9e74823031c7eadde4d3f8b214946ce73b8756de84613
                                                      • Instruction ID: 5d1fd352eabce5ed56da1f4bba149a2b5526f7f4b71ddab055bc1cdab30eaa96
                                                      • Opcode Fuzzy Hash: 014e669722ad61745bd9e74823031c7eadde4d3f8b214946ce73b8756de84613
                                                      • Instruction Fuzzy Hash: F8417B329087529FE710DB34AC4569AFBA1FF46320F24095AE882DB381F7369C45C7D1
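                                                      The two listings above are the sample's fetch loop: Sleep(0000EA60) is a 60000 ms (60 s) delay, the WinINet blocks (InternetOpenA, InternetSetOptionA, InternetOpenUrlA, InternetReadFile) retrieve a URL with the hard-coded User-Agent "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)", and SHGetSpecialFolderPathA with CSIDL 00000023 (CSIDL_COMMON_APPDATA) resolves C:\ProgramData. No Windows release ever reported itself as NT 9.0, so that User-Agent is a reliable network artifact. The following Python is an added detection example, not code from this report or from the sample; the proxy log format (epoch, client IP, host, quoted User-Agent) is an assumption and the log lines are constructed.

```python
"""Detect the Socks5Systemz WinINet beacon in proxy logs.

Added example, not part of the Joe Sandbox report or the analysed sample.
Two signals taken from the listing above:
  1. the hard-coded User-Agent, and more generally any UA that claims a
     Windows NT version that never shipped (there is no Windows NT 9.0);
  2. a steady ~60 s request cadence per (client, host), matching Sleep(0xEA60).
"""
import re
import statistics
from collections import defaultdict

IOC_UA = "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"

# NT versions real Windows browsers report; 9.0 is not among them.
REAL_NT_VERSIONS = {"5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}

NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
# Assumed log format: <epoch> <client_ip> <host> "<user-agent>"
LINE_RE = re.compile(r'^(\d+)\s+(\S+)\s+(\S+)\s+"([^"]*)"$')

BEACON_PERIOD_S = 0xEA60 / 1000  # Sleep argument from the listing: 60 s
PERIOD_TOLERANCE_S = 2.0


def fake_nt_version(ua: str):
    """Return the claimed NT version if no such Windows exists, else None."""
    m = NT_RE.search(ua)
    if m and m.group(1) not in REAL_NT_VERSIONS:
        return m.group(1)
    return None


def parse(lines):
    """Yield (epoch, client_ip, host, user_agent) for well-formed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, host, ua = m.groups()
            yield int(ts), ip, host, ua


def find_ua_hits(lines):
    """Flag exact IOC matches and impossible Windows NT versions."""
    hits = []
    for _, ip, host, ua in parse(lines):
        if ua == IOC_UA:
            hits.append((ip, host, "exact Socks5Systemz UA"))
        else:
            v = fake_nt_version(ua)
            if v is not None:
                hits.append((ip, host, f"impossible Windows NT {v} in UA"))
    return hits


def find_beacons(lines, period=BEACON_PERIOD_S, tol=PERIOD_TOLERANCE_S, min_requests=4):
    """Return (ip, host, median_gap) for pairs polling at a fixed `period` seconds."""
    times = defaultdict(list)
    for ts, ip, host, _ in parse(lines):
        times[(ip, host)].append(ts)
    beacons = []
    for (ip, host), ts_list in times.items():
        if len(ts_list) < min_requests:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        med = statistics.median(gaps)
        jitter = max(abs(g - med) for g in gaps)
        if abs(med - period) <= tol and jitter <= tol:
            beacons.append((ip, host, med))
    return beacons


# Constructed sample log: 10.0.0.15 beacons every 60 s with the IOC UA,
# 10.0.0.22 is ordinary browsing, 10.0.0.31 sends a single odd UA.
SAMPLE_LOG = [
    '1700000000 10.0.0.15 203.0.113.10 "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"',
    '1700000060 10.0.0.15 203.0.113.10 "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"',
    '1700000120 10.0.0.15 203.0.113.10 "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"',
    '1700000181 10.0.0.15 203.0.113.10 "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"',
    '1700000005 10.0.0.22 www.example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '1700000300 10.0.0.22 www.example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '1700000900 10.0.0.22 www.example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '1700000950 10.0.0.22 www.example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '1700001000 10.0.0.31 cdn.example.net "Mozilla/5.0 (Windows NT 7.0; rv:109.0) Gecko/20100101 Firefox/115.0"',
]

if __name__ == "__main__":
    for hit in find_ua_hits(SAMPLE_LOG):
        print("UA hit:", hit)
    for beacon in find_beacons(SAMPLE_LOG):
        print("beacon:", beacon)
```

                                                      The cadence check is deliberately strict (median within 2 s of 60 s and every gap within 2 s of the median) because the loop above sleeps a fixed 60000 ms with no jitter; widen the tolerance if the sample's sleep is rewritten to a randomised interval in later builds.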

                                                      Control-flow Graph

                                                      • Graph rendered as an image in the original; the flattened node/edge list is omitted. Function entry: 2d72b95. Basic blocks that call APIs: WSASetLastError then WSARecv (2d72be2), WSASetLastError then select (2d72cbc); block 2d72d19 loops back to the WSARecv block, i.e. the receive is retried after select reports readiness.
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72BE4
                                                      • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02D72C07
                                                        • Part of subcall function 02D7A514: WSAGetLastError.WS2_32(00000000,?,?,02D72A51), ref: 02D7A522
                                                      • WSASetLastError.WS2_32 ref: 02D72CD3
                                                      • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02D72CE7
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast$Recvselect
                                                      • String ID: 3'
                                                      • API String ID: 886190287-280543908
                                                      • Opcode ID: 58cafd2b26e02eb0b70b58a7cc5087c7f0054ba372c20ce6ffe0ca27b5adab33
                                                      • Instruction ID: e29ab5c441a5827fc5228c291a10f61ed4058a51feb7f56df3ae744fd7021710
                                                      • Opcode Fuzzy Hash: 58cafd2b26e02eb0b70b58a7cc5087c7f0054ba372c20ce6ffe0ca27b5adab33
                                                      • Instruction Fuzzy Hash: 6B414AB19143419FD710AF64C90876BBBE9EF84359F10491EE89987381FB78DD44CBA2

                                                      Control-flow Graph

                                                      • Graph rendered as an image in the original; the flattened node/edge list is omitted. Function entry: 2d729ee. Basic blocks that call APIs: WSASetLastError then closesocket (2d72a39), ioctlsocket then WSASetLastError and closesocket (2d72a7b).
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72A3B
                                                      • closesocket.WS2_32 ref: 02D72A42
                                                      • ioctlsocket.WS2_32(?,8004667E,00000000), ref: 02D72A89
                                                      • WSASetLastError.WS2_32(00000000,?,8004667E,00000000), ref: 02D72A97
                                                      • closesocket.WS2_32 ref: 02D72A9E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastclosesocket$ioctlsocket
                                                      • String ID:
                                                      • API String ID: 1561005644-0
                                                      • Opcode ID: bc54730669aba033c693cf70f87f738487e27465b0be5977cc8f75aca0d8f924
                                                      • Instruction ID: e254cffa7ab9ce1e10dc3c7021c42c02cba580f2106807a7b56a2f429c282179
                                                      • Opcode Fuzzy Hash: bc54730669aba033c693cf70f87f738487e27465b0be5977cc8f75aca0d8f924
                                                      • Instruction Fuzzy Hash: 642103B1E14245ABEB20ABB8D808B6AB7E9DF44315F10496AE815C3381FB78DD40CB60

                                                      Control-flow Graph

                                                      • Graph rendered as an image in the original; the flattened node/edge list is omitted. Function entry: 2d71ba7. Basic blocks that call APIs: RtlEnterCriticalSection (2d71ba7), RtlLeaveCriticalSection (2d71be9), RtlEnterCriticalSection (2d71bfa), RtlLeaveCriticalSection (2d71c55).
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D71BAC
                                                      • RtlEnterCriticalSection.NTDLL ref: 02D71BBC
                                                      • RtlLeaveCriticalSection.NTDLL ref: 02D71BEA
                                                      • RtlEnterCriticalSection.NTDLL ref: 02D71C13
                                                      • RtlLeaveCriticalSection.NTDLL ref: 02D71C56
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$H_prolog
                                                      • String ID:
                                                      • API String ID: 1633115879-0
                                                      • Opcode ID: 956b3b133d4c456145144779fcb4bddff352d2567d647233cc7a5f061fc10889
                                                      • Instruction ID: ecda05ab090b1e415196194d59ba7ae7ed03496a32d48b53ae866cdb14a89b49
                                                      • Opcode Fuzzy Hash: 956b3b133d4c456145144779fcb4bddff352d2567d647233cc7a5f061fc10889
                                                      • Instruction Fuzzy Hash: 1B217AB5A002049FDB14CF68C48879AFBB5FF49714F24868AF85997301E779ED05CBA0
                                                      APIs
                                                      • GetVersion.KERNEL32 ref: 00403246
                                                        • Part of subcall function 00404364: HeapCreate.KERNEL32(00000000,00001000,00000000,0040327F,00000000), ref: 00404375
                                                        • Part of subcall function 00404364: HeapDestroy.KERNEL32 ref: 004043B4
                                                      • GetCommandLineA.KERNEL32 ref: 00403294
                                                      • GetStartupInfoA.KERNEL32(?), ref: 004032BF
                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004032E2
                                                        • Part of subcall function 0040333B: ExitProcess.KERNEL32 ref: 00403358
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                      • String ID:
                                                      • API String ID: 2057626494-0
                                                      • Opcode ID: ab28d1ead4697ed0d8dd1c3572748f90fc29903a5067a4b5a40eff7935f6e0da
                                                      • Instruction ID: 857b842065bf28b810435c534a482318c0b7424de258d9d1d87b7a07579afd78
                                                      • Opcode Fuzzy Hash: ab28d1ead4697ed0d8dd1c3572748f90fc29903a5067a4b5a40eff7935f6e0da
                                                      • Instruction Fuzzy Hash: BC214CB1900A15AAD708EFA6DE8AA6E7FA8EB44705F10413EF505B72D2DB385500CB58
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72EEE
                                                      • WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02D72EFD
                                                      • WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02D72F0C
                                                      • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02D72F36
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast$Socketsetsockopt
                                                      • String ID:
                                                      • API String ID: 2093263913-0
                                                      • Opcode ID: 2aa26dba9bd39b2849fef2fe1786247c673e0c253a09af192cbd2b0e0e2e7e30
                                                      • Instruction ID: 6820c91e3ecdb40896fa9e757fcfb3e6f99a9b5f0549649694d558375de2aa46
                                                      • Opcode Fuzzy Hash: 2aa26dba9bd39b2849fef2fe1786247c673e0c253a09af192cbd2b0e0e2e7e30
                                                      • Instruction Fuzzy Hash: 1B014871961204BBDB205F66DC48F5ABBADEB89762F00C565F918DB381D7748D00CBB0
                                                      APIs
                                                        • Part of subcall function 02D72D39: WSASetLastError.WS2_32(00000000), ref: 02D72D47
                                                        • Part of subcall function 02D72D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02D72D5C
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72E6D
                                                      • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02D72E83
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast$Sendselect
                                                      • String ID: 3'
                                                      • API String ID: 2958345159-280543908
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72AEA
                                                      • connect.WS2_32(?,?,?), ref: 02D72AF5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastconnect
                                                      • String ID: 3'
                                                      • API String ID: 374722065-280543908
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog
                                                      • String ID:
                                                      • API String ID: 3519838083-0
                                                      APIs
                                                      • InterlockedIncrement.KERNEL32(?), ref: 02D736A7
                                                        • Part of subcall function 02D72420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02D72432
                                                        • Part of subcall function 02D72420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02D72445
                                                        • Part of subcall function 02D72420: RtlEnterCriticalSection.NTDLL(?), ref: 02D72454
                                                        • Part of subcall function 02D72420: InterlockedExchange.KERNEL32(?,00000001), ref: 02D72469
                                                        • Part of subcall function 02D72420: RtlLeaveCriticalSection.NTDLL(?), ref: 02D72470
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 1601054111-0
                                                      APIs
                                                      • __beginthreadex.LIBCMT ref: 02D82116
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000002,02D7A994,00000000), ref: 02D82147
                                                      • ResumeThread.KERNEL32(?,?,?,?,?,00000002,02D7A994,00000000), ref: 02D82155
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandleResumeThread__beginthreadex
                                                      • String ID:
                                                      • API String ID: 1685284544-0
                                                      APIs
                                                      • InterlockedIncrement.KERNEL32(02DA72B4), ref: 02D71ABA
                                                      • WSAStartup.WS2_32(00000002,00000000), ref: 02D71ACB
                                                      • InterlockedExchange.KERNEL32(02DA72B8,00000000), ref: 02D71AD7
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Interlocked$ExchangeIncrementStartup
                                                      • String ID:
                                                      • API String ID: 1856147945-0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CopyFile
                                                      • String ID: epiAvidenta
                                                      • API String ID: 1304948518-1511824811
                                                      APIs
                                                      • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?,00000001), ref: 00402942
                                                      Strings
                                                      • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 004027AD
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                      • API String ID: 71445658-2036018995
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateDirectory
                                                      • String ID: .exe
                                                      • API String ID: 4241100979-4119554291
                                                      APIs
                                                      • RegQueryValueExA.KERNEL32(?,Common AppData), ref: 0040D3B9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID: Common AppData
                                                      • API String ID: 3660427363-2574214464
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D74BF2
                                                        • Part of subcall function 02D71BA7: __EH_prolog.LIBCMT ref: 02D71BAC
                                                        • Part of subcall function 02D71BA7: RtlEnterCriticalSection.NTDLL ref: 02D71BBC
                                                        • Part of subcall function 02D71BA7: RtlLeaveCriticalSection.NTDLL ref: 02D71BEA
                                                        • Part of subcall function 02D71BA7: RtlEnterCriticalSection.NTDLL ref: 02D71C13
                                                        • Part of subcall function 02D71BA7: RtlLeaveCriticalSection.NTDLL ref: 02D71C56
                                                        • Part of subcall function 02D7E103: __EH_prolog.LIBCMT ref: 02D7E108
                                                        • Part of subcall function 02D7E103: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D7E187
                                                      • InterlockedExchange.KERNEL32(?,00000000), ref: 02D74CF2
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                      • String ID:
                                                      • API String ID: 1927618982-0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: DeleteFileSleep
                                                      • String ID:
                                                      • API String ID: 3161721237-0
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D72D47
                                                      • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02D72D5C
                                                        • Part of subcall function 02D7A514: WSAGetLastError.WS2_32(00000000,?,?,02D72A51), ref: 02D7A522
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLast$Send
                                                      • String ID:
                                                      • API String ID: 1282938840-0
                                                      APIs
                                                      • GetLastError.KERNEL32 ref: 004025BD
                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00402673
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastLibraryLoad
                                                      • String ID:
                                                      • API String ID: 3568775529-0
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D78412
                                                      • shutdown.WS2_32(?,00000002), ref: 02D7841B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastshutdown
                                                      • String ID:
                                                      • API String ID: 1920494066-0
                                                      APIs
                                                      • GetLastError.KERNEL32 ref: 004025BD
                                                      • LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00402673
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastLibraryLoad
                                                      • String ID:
                                                      • API String ID: 3568775529-0
                                                      APIs
                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,0040327F,00000000), ref: 00404375
                                                        • Part of subcall function 0040421C: GetVersionExA.KERNEL32 ref: 0040423B
                                                      • HeapDestroy.KERNEL32 ref: 004043B4
                                                        • Part of subcall function 0040473B: HeapAlloc.KERNEL32(00000000,00000140,0040439D,000003F8), ref: 00404748
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocCreateDestroyVersion
                                                      • String ID:
                                                      • API String ID: 2507506473-0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7511E
                                                        • Part of subcall function 02D73D7E: htons.WS2_32(?), ref: 02D73DA2
                                                        • Part of subcall function 02D73D7E: htonl.WS2_32(00000000), ref: 02D73DB9
                                                        • Part of subcall function 02D73D7E: htonl.WS2_32(00000000), ref: 02D73DC0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: htonl$H_prologhtons
                                                      • String ID:
                                                      • API String ID: 4039807196-0
                                                      • Opcode ID: 2fd6c80101fab7b2d4e67fabacb37982183b952c7f872d54f4e28eb5095b582b
                                                      • Instruction ID: 98ae95374931b2b83e4b1d4d8996a9783c41a4f69d15cfdb83f6526407e28191
                                                      • Opcode Fuzzy Hash: 2fd6c80101fab7b2d4e67fabacb37982183b952c7f872d54f4e28eb5095b582b
                                                      • Instruction Fuzzy Hash: B08116B5D0424A8ECF05DFA8E490AEEBBB5EF48214F20819AD850B7340EB395A45CF75
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: b3d44dc2ec33711115b79069cef0d81ad4b48754ee8e5cb5e6bda6e0f700b181
                                                      • Instruction ID: 4554631b10842fa08c399be98266bbc2344229105791e76ec6afb8f16bed9508
                                                      • Opcode Fuzzy Hash: b3d44dc2ec33711115b79069cef0d81ad4b48754ee8e5cb5e6bda6e0f700b181
                                                      • Instruction Fuzzy Hash: E4214FB251C7009FD355AF09D881A7AFBE9EF88710F16482DE6C583340EA715850CA9B
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7E9D1
                                                        • Part of subcall function 02D71A01: TlsGetValue.KERNEL32 ref: 02D71A0A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prologValue
                                                      • String ID:
                                                      • API String ID: 3700342317-0
                                                      • Opcode ID: 3969b6cb20868d27901a3df06eb91b4c1245392091fe92a90517cf0c924084df
                                                      • Instruction ID: 980fac1d417d67a6e7c21e621097f7be665ea2a366b483922e9d7a313e6bc2a4
                                                      • Opcode Fuzzy Hash: 3969b6cb20868d27901a3df06eb91b4c1245392091fe92a90517cf0c924084df
                                                      • Instruction Fuzzy Hash: 93211BB6904209AFDB04DFA8D540AEEBBF9FB49310F14416AE918E7340E775AD11CBA1
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: FileWrite
                                                      • String ID:
                                                      • API String ID: 3934441357-0
                                                      • Opcode ID: 1c8f56705ec3d23d712d0045f599da47c3ba93e5d73e795e8655f03824c73d3b
                                                      • Instruction ID: 32a1128d087e8e56262fa20943fab05d77eb5746b3ffb68fa857b1f1380b123d
                                                      • Opcode Fuzzy Hash: 1c8f56705ec3d23d712d0045f599da47c3ba93e5d73e795e8655f03824c73d3b
                                                      • Instruction Fuzzy Hash: 3511A7F651D204DFE7097F28DD8A27ABBE1EB44310F02462DE2C686744EE359854C647
                                                      APIs
                                                      • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02D733CC
                                                        • Part of subcall function 02D732AB: __EH_prolog.LIBCMT ref: 02D732B0
                                                        • Part of subcall function 02D732AB: RtlEnterCriticalSection.NTDLL(?), ref: 02D732C3
                                                        • Part of subcall function 02D732AB: RtlLeaveCriticalSection.NTDLL(?), ref: 02D732EF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$CompareEnterExchangeH_prologInterlockedLeave
                                                      • String ID:
                                                      • API String ID: 1518410164-0
                                                      • Opcode ID: ccbb1f574428ac8aee81c15e244dd03846e011235cf3ea0647424c5cfe99d08c
                                                      • Instruction ID: 9d693dc3407a680095affde4a159e1ee5830db7c68386bda01f10149de8c4ff8
                                                      • Opcode Fuzzy Hash: ccbb1f574428ac8aee81c15e244dd03846e011235cf3ea0647424c5cfe99d08c
                                                      • Instruction Fuzzy Hash: B8016D71614606AFDB088F59D885B65BBA9FF44320F10835AE828873C0EB30EC21CBA0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 126225da6ef55c3ad15d40bc568981ac979743b5342653ce9fbf263a9bec71ae
                                                      • Instruction ID: 64c78e758fbcf192444ccabd991e89ee63f680f6bfa98edf747bcc1ce6cb1e33
                                                      • Opcode Fuzzy Hash: 126225da6ef55c3ad15d40bc568981ac979743b5342653ce9fbf263a9bec71ae
                                                      • Instruction Fuzzy Hash: CC0140B241C7049FD359BF19989567AFBE4EF44710F12092DE7CA87380EA715850CB9B
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: b9beca13d45a737782a8b25fb809f7d6a4138a8bb493adc65238bad5009c8058
                                                      • Instruction ID: 453d54a0f26d7852d5427f7f7b0dc461d6055971900570b5b91647cb725d5840
                                                      • Opcode Fuzzy Hash: b9beca13d45a737782a8b25fb809f7d6a4138a8bb493adc65238bad5009c8058
                                                      • Instruction Fuzzy Hash: F201A2B154C7049FE761BF19D885B6AFBE4EF94710F12882CA7D487240E6346891CB87
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: FileWrite
                                                      • String ID:
                                                      • API String ID: 3934441357-0
                                                      • Opcode ID: 89070592333baf0fbb7f00cf7f9a94eb66715050ff53c6a041ac8220fd97e2d3
                                                      • Instruction ID: cb1eade3d206102c64748c7ad71344544cc14990e1eeebd32537cf56fc4c094f
                                                      • Opcode Fuzzy Hash: 89070592333baf0fbb7f00cf7f9a94eb66715050ff53c6a041ac8220fd97e2d3
                                                      • Instruction Fuzzy Hash: 1B01C0F651C600DFE705AF18D8866AAFBE0EF48310F02492DE6C983740E6349894CB8B
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Query_
                                                      • String ID:
                                                      • API String ID: 428220571-0
                                                      • Opcode ID: 8c94310f32f6b3b2829c77f6083e19ba35d74adb5be9b32c8e4d69e99c33bc27
                                                      • Instruction ID: 49731410e22b0f51f6b4927e1300405ab82240f0e64c52166ee4bbc66b25ed63
                                                      • Opcode Fuzzy Hash: 8c94310f32f6b3b2829c77f6083e19ba35d74adb5be9b32c8e4d69e99c33bc27
                                                      • Instruction Fuzzy Hash: BC018FF150C200DFE70AAF28D991739BBE5EF44311F15882CE6C683744E6319850CA86
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7E561
                                                        • Part of subcall function 02D726DB: RtlEnterCriticalSection.NTDLL(?), ref: 02D72706
                                                        • Part of subcall function 02D726DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02D7272B
                                                        • Part of subcall function 02D726DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02D95B63), ref: 02D72738
                                                        • Part of subcall function 02D726DB: SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02D72778
                                                        • Part of subcall function 02D726DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02D727D9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                      • String ID:
                                                      • API String ID: 4293676635-0
                                                      • Opcode ID: 766e10582471bdbdbce6c02c0298a1c786a1d51036ee87955dadcef3604051d1
                                                      • Instruction ID: e600cfd1c7081e54c1de1bfe7828ec616814f37f36b1af3f4c485be7034d387e
                                                      • Opcode Fuzzy Hash: 766e10582471bdbdbce6c02c0298a1c786a1d51036ee87955dadcef3604051d1
                                                      • Instruction Fuzzy Hash: E80190B1910B049FC718DF1AC644946FBF5EF88310B15C5AEA4598B721E775DA40CFA4
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 586fb1fb148ea543d00e4acc6b9fc7a7e3d8bfcf0682dc85acb56c2db947ab44
                                                      • Instruction ID: e2c01e0a3cab7d5fedff9fb89257dc5a1944c610c1c0d5cc6a5ec5a2c6971ce4
                                                      • Opcode Fuzzy Hash: 586fb1fb148ea543d00e4acc6b9fc7a7e3d8bfcf0682dc85acb56c2db947ab44
                                                      • Instruction Fuzzy Hash: 55F0E5259056419BC3008B38FE62BA1BBB3FBD62213558139CA83626B3D3B44846D75E
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7E340
                                                        • Part of subcall function 02D83B5C: _malloc.LIBCMT ref: 02D83B74
                                                        • Part of subcall function 02D7E55C: __EH_prolog.LIBCMT ref: 02D7E561
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$_malloc
                                                      • String ID:
                                                      • API String ID: 4254904621-0
                                                      • Opcode ID: 0995bae060c4d114d66e6356632aa718ecd7867cc49e884210e46d000339747c
                                                      • Instruction ID: 89d3e0a6732eec61c30b792997c24d093200ae85e783a5b8f54e408ce1d8bfb8
                                                      • Opcode Fuzzy Hash: 0995bae060c4d114d66e6356632aa718ecd7867cc49e884210e46d000339747c
                                                      • Instruction Fuzzy Hash: 93E08CB0A00209ABCF49AF68D81172E77A6EB04300F0086AEB80C92340EB309D008AA4
                                                      APIs
                                                        • Part of subcall function 02D85C6A: __getptd_noexit.LIBCMT ref: 02D85C6B
                                                        • Part of subcall function 02D85C6A: __amsg_exit.LIBCMT ref: 02D85C78
                                                        • Part of subcall function 02D834A3: __getptd_noexit.LIBCMT ref: 02D834A7
                                                        • Part of subcall function 02D834A3: __freeptd.LIBCMT ref: 02D834C1
                                                        • Part of subcall function 02D834A3: RtlExitUserThread.NTDLL(?,00000000,?,02D83483,00000000), ref: 02D834CA
                                                      • __XcptFilter.LIBCMT ref: 02D8348F
                                                        • Part of subcall function 02D88DA4: __getptd_noexit.LIBCMT ref: 02D88DA8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                      • String ID:
                                                      • API String ID: 1405322794-0
                                                      • Opcode ID: 48af93d257dfb9b0a23f840779405865f1ba1fffe6fd91f634962c1d6ab7941c
                                                      • Instruction ID: 0504c0a65bb85ebb6dcec4ba80d47248b5bfbd1cccc8609d0ea4f7a414f8cbcd
                                                      • Opcode Fuzzy Hash: 48af93d257dfb9b0a23f840779405865f1ba1fffe6fd91f634962c1d6ab7941c
                                                      • Instruction Fuzzy Hash: 56E0ECB19406049FEB08BBA4E945F2E77A6EF44711F210088E102AB361DA74AD40AF30
                                                      APIs
                                                      • RegSetValueExA.KERNEL32(?), ref: 0040DCC9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID:
                                                      • API String ID: 3702945584-0
                                                      • Opcode ID: d3c14bfcff4fcef02423e8bd092042e5a9b97a479b9007207aa3797e7e61418a
                                                      • Instruction ID: 7419fff83d4971a559917b351212f50d46b794b180b6e5e328ec9fb145361512
                                                      • Opcode Fuzzy Hash: d3c14bfcff4fcef02423e8bd092042e5a9b97a479b9007207aa3797e7e61418a
                                                      • Instruction Fuzzy Hash: 5FD0C974C08008FACB015BC09E848AE7F30FF05310B2080B7E497B04E1CB39856AEB1E
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002DAA000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DAA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2daa000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 07cf57694051856252cde9b32a1648d231e52a9a6244113e3a3002341f509c5c
                                                      • Instruction ID: 6c2cecd8fbab1c4d7472c252f08748b4cdd5ae8d3795776c2de71fde670a5189
                                                      • Opcode Fuzzy Hash: 07cf57694051856252cde9b32a1648d231e52a9a6244113e3a3002341f509c5c
                                                      • Instruction Fuzzy Hash: 3EC04CA185C71887E6553A456C49379B7645B10212F450414A38615750A960A914C59A
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: ManagerOpen
                                                      • String ID:
                                                      • API String ID: 1889721586-0
                                                      • Opcode ID: e9fd3922b37b664b65c1950b7b11b25dc101f0421324f0b043ef57bf5e1a059b
                                                      • Instruction ID: 03dba25e1dd2f97b43c09e6fc17b081d86517fc31ae274d3298cbb5185586056
                                                      • Opcode Fuzzy Hash: e9fd3922b37b664b65c1950b7b11b25dc101f0421324f0b043ef57bf5e1a059b
                                                      • Instruction Fuzzy Hash: EAA002605045018AC6911F715FDC419655B554031A7611839D347E40A5CA38844EA52E
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 333ad7bb848cf2bff8683a0e70db1ff325099123eb522660a4d287593de33460
                                                      • Instruction ID: 58332f9c7eb82856c9f6f06d77ab7d1a334fd3a409b2106384cd4a9e6673fbb4
                                                      • Opcode Fuzzy Hash: 333ad7bb848cf2bff8683a0e70db1ff325099123eb522660a4d287593de33460
                                                      • Instruction Fuzzy Hash: 00900220714501AED2500A615F0821925A8550864D71114395A47E0450DA3480095D1D
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: ea6738a30df188c1b50b82e596f0b6d68dd01bf2b1a3c9da172caf99e74ad367
                                                      • Instruction ID: 27737bbda3d01c8c1f153215b960774ae21f75656edde2465b8af7f42343f07a
                                                      • Opcode Fuzzy Hash: ea6738a30df188c1b50b82e596f0b6d68dd01bf2b1a3c9da172caf99e74ad367
                                                      • Instruction Fuzzy Hash: C790027155590096C24007905B1D91575506118701321407B6352710F18AF95406560E
                                                      APIs
                                                        • Part of subcall function 02D81620: OpenEventA.KERNEL32(00100002,00000000,00000000,64D3178D), ref: 02D816C0
                                                        • Part of subcall function 02D81620: CloseHandle.KERNEL32(00000000), ref: 02D816D5
                                                        • Part of subcall function 02D81620: ResetEvent.KERNEL32(00000000,64D3178D), ref: 02D816DF
                                                        • Part of subcall function 02D81620: CloseHandle.KERNEL32(00000000,64D3178D), ref: 02D81714
                                                      • TlsSetValue.KERNEL32(00000029,?), ref: 02D821BA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseEventHandle$OpenResetValue
                                                      • String ID:
                                                      • API String ID: 1556185888-0
                                                      • Opcode ID: 8ac31342563d6842906937c4ca4b3151fa56c91e1e9d880eb0e3916a02a96e6e
                                                      • Instruction ID: 4782cdffaad79c0a828737204d34d3cbde860031e20f133e973479398c553403
                                                      • Opcode Fuzzy Hash: 8ac31342563d6842906937c4ca4b3151fa56c91e1e9d880eb0e3916a02a96e6e
                                                      • Instruction Fuzzy Hash: 6C01DF71A00204ABD700DFA8D806F5ABBA8FB05760F20466AF829D3380D731AC048AA4
                                                      APIs
                                                      • lstrcmpiW.KERNEL32(?,00409188), ref: 0040D832
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: lstrcmpi
                                                      • String ID:
                                                      • API String ID: 1586166983-0
                                                      • Opcode ID: d80a019ff4b9355ed9a181e003a9e1025ea866ce27fd92c62e8afab8e5cd062a
                                                      • Instruction ID: 99aa35e1b12c1835d0fc2c972203150798f1f7912d68e4b021d504d4e6b29300
                                                      • Opcode Fuzzy Hash: d80a019ff4b9355ed9a181e003a9e1025ea866ce27fd92c62e8afab8e5cd062a
                                                      • Instruction Fuzzy Hash: FFE08621A08241EEE7060BA04E0CA553BB46B41344B6645BFAC13BA1D2D37C9A0DB71F
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID:
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$c$e
                                                      APIs
                                                        • Part of subcall function 02D79AE4: __EH_prolog.LIBCMT ref: 02D79AE9
                                                        • Part of subcall function 02D79AE4: _Allocate.LIBCPMT ref: 02D79B40
                                                        • Part of subcall function 02D79AE4: _memmove.LIBCMT ref: 02D79B97
                                                      • FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,00000010,00000000), ref: 02D809B2
                                                      • GetLastError.KERNEL32(?,00000400,?,00000010,00000000), ref: 02D809BA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateErrorFormatH_prologLastMessage_memmove
                                                      • String ID: Unknown error$invalid string position
                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,02D84EA6,?,?,?,00000001), ref: 02D8953D
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 02D89546
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      APIs
                                                      • StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0040DD65
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CtrlDispatcherServiceStart
                                                      • String ID:
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: LocalTime
                                                      • String ID:
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: CreateService
                                                      • String ID:
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D724E6
                                                      • InterlockedCompareExchange.KERNEL32(?,00000000,00000001), ref: 02D724FC
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D7250E
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D7256D
                                                      • SetLastError.KERNEL32(00000000,?,74DEDFB0), ref: 02D7257F
                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?,74DEDFB0), ref: 02D72599
                                                      • GetLastError.KERNEL32(?,74DEDFB0), ref: 02D725A2
                                                      • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02D725F0
                                                      • InterlockedDecrement.KERNEL32(00000002), ref: 02D7262F
                                                      • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02D7268E
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D72699
                                                      • InterlockedExchange.KERNEL32(00000000,00000001), ref: 02D726AD
                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,74DEDFB0), ref: 02D726BD
                                                      • GetLastError.KERNEL32(?,74DEDFB0), ref: 02D726C7
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Interlocked$Exchange$ErrorLast$CompareCompletionCriticalQueuedSectionStatus$DecrementEnterH_prologLeavePost
                                                      • String ID:
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D74608
                                                        • Part of subcall function 02D83B5C: _malloc.LIBCMT ref: 02D83B74
                                                      • htons.WS2_32(?), ref: 02D74669
                                                      • htonl.WS2_32(?), ref: 02D7468C
                                                      • htonl.WS2_32(00000000), ref: 02D74693
                                                      • htons.WS2_32(00000000), ref: 02D74747
                                                      • _sprintf.LIBCMT ref: 02D7475D
                                                        • Part of subcall function 02D78997: _memmove.LIBCMT ref: 02D789B7
                                                      • htons.WS2_32(?), ref: 02D746B0
                                                        • Part of subcall function 02D79742: __EH_prolog.LIBCMT ref: 02D79747
                                                        • Part of subcall function 02D79742: RtlEnterCriticalSection.NTDLL(00000020), ref: 02D797C2
                                                        • Part of subcall function 02D79742: RtlLeaveCriticalSection.NTDLL(00000020), ref: 02D797E0
                                                        • Part of subcall function 02D71BA7: __EH_prolog.LIBCMT ref: 02D71BAC
                                                        • Part of subcall function 02D71BA7: RtlEnterCriticalSection.NTDLL ref: 02D71BBC
                                                        • Part of subcall function 02D71BA7: RtlLeaveCriticalSection.NTDLL ref: 02D71BEA
                                                        • Part of subcall function 02D71BA7: RtlEnterCriticalSection.NTDLL ref: 02D71C13
                                                        • Part of subcall function 02D71BA7: RtlLeaveCriticalSection.NTDLL ref: 02D71C56
                                                        • Part of subcall function 02D7DEFE: __EH_prolog.LIBCMT ref: 02D7DF03
                                                      • htonl.WS2_32(?), ref: 02D7497C
                                                      • htonl.WS2_32(00000000), ref: 02D74983
                                                      • htonl.WS2_32(00000000), ref: 02D749C8
                                                      • htonl.WS2_32(00000000), ref: 02D749CF
                                                      • htons.WS2_32(?), ref: 02D749EF
                                                      • htons.WS2_32(?), ref: 02D749F9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSectionhtonl$htons$H_prolog$EnterLeave$_malloc_memmove_sprintf
                                                      • String ID:
                                                      APIs
                                                      • RegisterServiceCtrlHandlerA.ADVAPI32(epiAvidenta,Function_0000235E), ref: 004023C1
                                                      • SetServiceStatus.ADVAPI32(0040C428), ref: 00402420
                                                      • GetLastError.KERNEL32 ref: 00402422
                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040242F
                                                      • GetLastError.KERNEL32 ref: 00402450
                                                      • SetServiceStatus.ADVAPI32(0040C428), ref: 00402480
                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000022CB,00000000,00000000,00000000), ref: 0040248C
                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00402495
                                                      • CloseHandle.KERNEL32 ref: 004024A1
                                                      • SetServiceStatus.ADVAPI32(0040C428), ref: 004024CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Service$Status$CreateErrorLast$CloseCtrlEventHandleHandlerObjectRegisterSingleThreadWait
                                                      • String ID: epiAvidenta
                                                      APIs
                                                      • RtlDecodePointer.NTDLL(?), ref: 02D8834A
                                                      • _free.LIBCMT ref: 02D88363
                                                        • Part of subcall function 02D82F84: HeapFree.KERNEL32(00000000,00000000,?,02D85CE2,00000000,00000104,74DF0A60), ref: 02D82F98
                                                        • Part of subcall function 02D82F84: GetLastError.KERNEL32(00000000,?,02D85CE2,00000000,00000104,74DF0A60), ref: 02D82FAA
                                                      • _free.LIBCMT ref: 02D88376
                                                      • _free.LIBCMT ref: 02D88394
                                                      • _free.LIBCMT ref: 02D883A6
                                                      • _free.LIBCMT ref: 02D883B7
                                                      • _free.LIBCMT ref: 02D883C2
                                                      • _free.LIBCMT ref: 02D883E6
                                                      • RtlEncodePointer.NTDLL(008CBD08), ref: 02D883ED
                                                      • _free.LIBCMT ref: 02D88402
                                                      • _free.LIBCMT ref: 02D88418
                                                      • _free.LIBCMT ref: 02D88440
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 3064303923-0
                                                      • Opcode ID: 5fa171e556541e93c1dc9a725716f423389965cd3a699b61129adf792b05a16a
                                                      • Instruction ID: 84cc166283b224b32c833d549690aacf44bc62f80cb60244cd96e1c8fb64e41c
                                                      • Opcode Fuzzy Hash: 5fa171e556541e93c1dc9a725716f423389965cd3a699b61129adf792b05a16a
                                                      • Instruction Fuzzy Hash: 69216B32D85262CBDB257F1AE844D1AB7AAFB0432572D492AE844D7380C735DCA4DFE4
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D73428
                                                      • GetModuleHandleA.KERNEL32(KERNEL32,CancelIoEx), ref: 02D7346B
                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D73472
                                                      • GetLastError.KERNEL32 ref: 02D73486
                                                      • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02D734D7
                                                      • RtlEnterCriticalSection.NTDLL(00000018), ref: 02D734ED
                                                      • RtlLeaveCriticalSection.NTDLL(00000018), ref: 02D73518
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$AddressCompareEnterErrorExchangeH_prologHandleInterlockedLastLeaveModuleProc
                                                      • String ID: CancelIoEx$KERNEL32
                                                      • API String ID: 2902213904-434325024
                                                      • Opcode ID: 50fae9985ad28b3034ab263b5d9b22a6ba5835a2f8d0f6f4eefdd445d8b5ea34
                                                      • Instruction ID: 70ffe961f5af448f3b087a1ed0ec3718e87bf45eea2edb77eeef91d8b3d4b6b1
                                                      • Opcode Fuzzy Hash: 50fae9985ad28b3034ab263b5d9b22a6ba5835a2f8d0f6f4eefdd445d8b5ea34
                                                      • Instruction Fuzzy Hash: 91319AB1900205DFEB01AF68D844BAABBF9FF49315F1084AAE8199B341E774DD10CBA1
                                                      APIs
                                                      • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,004046F1,?,Microsoft Visual C++ Runtime Library,00012010,?,00408594,?,004085E4,?,?,?,Runtime Error!Program: ), ref: 004068FA
                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00406912
                                                      • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00406923
                                                      • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00406930
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AddressProc$LibraryLoad
                                                      • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                      • API String ID: 2238633743-4044615076
                                                      • Opcode ID: f034dd86a801bf7db4410674f220bc356b78f5ea9e9dff596629c7f08716684c
                                                      • Instruction ID: faa25dc698437583564e0aa63e06cb7ac2b3dbfa77251ff515169e4014cab309
                                                      • Opcode Fuzzy Hash: f034dd86a801bf7db4410674f220bc356b78f5ea9e9dff596629c7f08716684c
                                                      • Instruction Fuzzy Hash: A30179B1700302ABC7209FB55FC0E2B3A989A58780702183EB155F25A0DE758416AB1D
                                                      APIs
                                                      • LCMapStringW.KERNEL32(00000000,00000100,00408660,00000001,00000000,00000000,00000103,00000001,00000000,?,00406687,00200020,00000000,?,00000000,00000000), ref: 00406C09
                                                      • LCMapStringA.KERNEL32(00000000,00000100,0040865C,00000001,00000000,00000000,?,00406687,00200020,00000000,?,00000000,00000000,00000001), ref: 00406C25
                                                      • LCMapStringA.KERNEL32(00000000,?,00000000,00200020,00406687,?,00000103,00000001,00000000,?,00406687,00200020,00000000,?,00000000,00000000), ref: 00406C6E
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00200020,00000000,00000000,00000103,00000001,00000000,?,00406687,00200020,00000000,?,00000000,00000000), ref: 00406CA6
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00406687,00200020,00000000,?,00000000), ref: 00406CFE
                                                      • LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00406687,00200020,00000000,?,00000000), ref: 00406D14
                                                      • LCMapStringW.KERNEL32(00000000,?,00406687,00000000,00406687,?,?,00406687,00200020,00000000,?,00000000), ref: 00406D47
                                                      • LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00406687,00200020,00000000,?,00000000), ref: 00406DAF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: String$ByteCharMultiWide
                                                      • String ID:
                                                      • API String ID: 352835431-0
                                                      • Opcode ID: 046527286ea761e929c24e8a76dd342f94a46cb6194575d5b62c008d899f055f
                                                      • Instruction ID: 3dbc1a8ea87845f159938d7fde4ffb0cd1a839876cc8b227a434aa4f06241865
                                                      • Opcode Fuzzy Hash: 046527286ea761e929c24e8a76dd342f94a46cb6194575d5b62c008d899f055f
                                                      • Instruction Fuzzy Hash: C3517D31500209EFCF229F94DE45A9F7FB5FF48750F11412AF952B22A0C7398921DB69
                                                      APIs
                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 0040463A
                                                      • GetStdHandle.KERNEL32(000000F4,00408594,00000000,?,00000000,00000000), ref: 00404710
                                                      • WriteFile.KERNEL32(00000000), ref: 00404717
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: File$HandleModuleNameWrite
                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                      • API String ID: 3784150691-4022980321
                                                      • Opcode ID: cfdbc0c0b212463ed00360a0469d8f7f48b0333d82c66fc394656b8192595d8d
                                                      • Instruction ID: 07c472cc77dbba7c6253ad415bbca102af262502dd18548cafcac9ea59a8ce0e
                                                      • Opcode Fuzzy Hash: cfdbc0c0b212463ed00360a0469d8f7f48b0333d82c66fc394656b8192595d8d
                                                      • Instruction Fuzzy Hash: 0931E6B26412186FDF20EA60CD46F9A376CAF86305F10047FF685F61D1EA7DAA448E1D
                                                      APIs
                                                      • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,004032A4), ref: 00403F2D
                                                      • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,004032A4), ref: 00403F41
                                                      • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,004032A4), ref: 00403F6D
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004032A4), ref: 00403FA5
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,004032A4), ref: 00403FC7
                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,004032A4), ref: 00403FE0
                                                      • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,004032A4), ref: 00403FF3
                                                      • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00404031
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                      • String ID:
                                                      • API String ID: 1823725401-0
                                                      • Opcode ID: 159d32df7d36a6c9e64a338db4b0faf782f6f3d8fc727e2ae8e216b590f22cef
                                                      • Instruction ID: 790aeece71fcf200afd7c9324e1646546fc0ee4b2569f8f153279fac5a2f1af0
                                                      • Opcode Fuzzy Hash: 159d32df7d36a6c9e64a338db4b0faf782f6f3d8fc727e2ae8e216b590f22cef
                                                      • Instruction Fuzzy Hash: 083128B29082266FD7203F785DC483B7EACEA8534A715093FFA81F3281DA795D41466D
                                                      APIs
                                                      • OpenEventA.KERNEL32(00100002,00000000,00000000,64D3178D), ref: 02D816C0
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D816D5
                                                      • ResetEvent.KERNEL32(00000000,64D3178D), ref: 02D816DF
                                                      • CloseHandle.KERNEL32(00000000,64D3178D), ref: 02D81714
                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,64D3178D), ref: 02D8178A
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D8179F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseEventHandle$CreateOpenReset
                                                      • String ID:
                                                      • API String ID: 1285874450-0
                                                      • Opcode ID: 0f366df7b5771fcdf7d25abacf6f386991e968a70eb7557a328972221993ee8d
                                                      • Instruction ID: b45253012494613cbaa0086d137127ff39b4699fba60016857a58463b7ae665a
                                                      • Opcode Fuzzy Hash: 0f366df7b5771fcdf7d25abacf6f386991e968a70eb7557a328972221993ee8d
                                                      • Instruction Fuzzy Hash: 21413B70D00358ABDF10DBA5CC49BADB7B8AF05764F244619E419AB380D730DD0ACBA1
                                                      APIs
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D720AC
                                                      • SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02D720CD
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D720D8
                                                      • InterlockedDecrement.KERNEL32(?), ref: 02D7213E
                                                      • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?), ref: 02D7217A
                                                      • InterlockedDecrement.KERNEL32(?), ref: 02D72187
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D721A6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Interlocked$Exchange$Decrement$CompletionQueuedStatusTimerWaitable
                                                      • String ID:
                                                      • API String ID: 1171374749-0
                                                      • Opcode ID: 3156535762f176f8ba1c8c0b7a52b02996ab3399f4c31eb0ed26f946225d53de
                                                      • Instruction ID: 7a41419f55a5f6232e31e0338ca1e42abbcb5cb696dd3ea31fb3dfa6249dedcf
                                                      • Opcode Fuzzy Hash: 3156535762f176f8ba1c8c0b7a52b02996ab3399f4c31eb0ed26f946225d53de
                                                      • Instruction Fuzzy Hash: 404129B15047419FD321DF25D889A6BBBF9FFC8754F100A1EB89A82650E734E905CFA1
                                                      APIs
                                                        • Part of subcall function 02D81EE0: OpenEventA.KERNEL32(00100002,00000000,?,?,?,02D8173E,?,?), ref: 02D81F0F
                                                        • Part of subcall function 02D81EE0: CloseHandle.KERNEL32(00000000,?,?,02D8173E,?,?), ref: 02D81F24
                                                        • Part of subcall function 02D81EE0: SetEvent.KERNEL32(00000000,02D8173E,?,?), ref: 02D81F37
                                                      • OpenEventA.KERNEL32(00100002,00000000,00000000,64D3178D), ref: 02D816C0
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D816D5
                                                      • ResetEvent.KERNEL32(00000000,64D3178D), ref: 02D816DF
                                                      • CloseHandle.KERNEL32(00000000,64D3178D), ref: 02D81714
                                                      • __CxxThrowException@8.LIBCMT ref: 02D81745
                                                        • Part of subcall function 02D8456A: RaiseException.KERNEL32(?,?,02D7FB6A,?,?,?,?,?,?,?,02D7FB6A,?,02DA0F98,?), ref: 02D845BF
                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,64D3178D), ref: 02D8178A
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D8179F
                                                        • Part of subcall function 02D81C20: GetCurrentProcessId.KERNEL32(?), ref: 02D81C79
                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,64D3178D), ref: 02D817AF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Event$CloseHandle$Open$CreateCurrentExceptionException@8ObjectProcessRaiseResetSingleThrowWait
                                                      • String ID:
                                                      • API String ID: 2227236058-0
                                                      • Opcode ID: 2dcae34b237dc99258cb4d28c6aa9f4b33dedee549b7427c6810242748cba6fb
                                                      • Instruction ID: 88f683626dffed5f97f58debb2f8e95d278180881481e41fac572ce7fe2ba1b9
                                                      • Opcode Fuzzy Hash: 2dcae34b237dc99258cb4d28c6aa9f4b33dedee549b7427c6810242748cba6fb
                                                      • Instruction Fuzzy Hash: 0F314C75D00359ABDF21EBA4DC49BADB7B9AF05364F140129E81DEB380D721DD0ACB61
                                                      APIs
                                                      • __init_pointers.LIBCMT ref: 02D85DA4
                                                        • Part of subcall function 02D88512: RtlEncodePointer.NTDLL(00000000), ref: 02D88515
                                                        • Part of subcall function 02D88512: __initp_misc_winsig.LIBCMT ref: 02D88530
                                                        • Part of subcall function 02D88512: GetModuleHandleW.KERNEL32(kernel32.dll,?,02DA1598,00000008,00000003,02DA0F7C,?,00000001), ref: 02D89291
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02D892A5
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02D892B8
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02D892CB
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02D892DE
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 02D892F1
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 02D89304
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 02D89317
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 02D8932A
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02D8933D
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 02D89350
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 02D89363
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 02D89376
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 02D89389
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 02D8939C
                                                        • Part of subcall function 02D88512: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 02D893AF
                                                      • __mtinitlocks.LIBCMT ref: 02D85DA9
                                                      • __mtterm.LIBCMT ref: 02D85DB2
                                                        • Part of subcall function 02D85E1A: RtlDeleteCriticalSection.NTDLL(00000000), ref: 02D88948
                                                        • Part of subcall function 02D85E1A: _free.LIBCMT ref: 02D8894F
                                                        • Part of subcall function 02D85E1A: RtlDeleteCriticalSection.NTDLL(02DA3978), ref: 02D88971
                                                      • __calloc_crt.LIBCMT ref: 02D85DD7
                                                      • __initptd.LIBCMT ref: 02D85DF9
                                                      • GetCurrentThreadId.KERNEL32 ref: 02D85E00
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                      • String ID:
                                                      • API String ID: 3567560977-0
                                                      • Opcode ID: 70d4f2256f328a8dcfdbce21aa3cf2d1437ec6e8da0dc3b9c7c91821d752a234
                                                      • Instruction ID: 8e32b61d554459446faa7627de643825d3a9b91a2df0be41323d6bdae3e99b6d
                                                      • Opcode Fuzzy Hash: 70d4f2256f328a8dcfdbce21aa3cf2d1437ec6e8da0dc3b9c7c91821d752a234
                                                      • Instruction Fuzzy Hash: 1BF0F0335AD3111AEA387B787C856AB2787DB01771FA20A19E894C53C0FF208C519960
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,02D83483,00000000), ref: 02D834EB
                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D834F2
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 02D834FE
                                                      • RtlDecodePointer.NTDLL(00000001), ref: 02D8351B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                      • String ID: RoInitialize$combase.dll
                                                      • API String ID: 3489934621-340411864
                                                      • Opcode ID: 7172d4be385b2a46d340556534fa788db6e3e7fa6159c08986cbf85dc539b217
                                                      • Instruction ID: 4fc90860eec3f8c99f4126d011828fa98a8a1618b8b41b93186fafef2633944e
                                                      • Opcode Fuzzy Hash: 7172d4be385b2a46d340556534fa788db6e3e7fa6159c08986cbf85dc539b217
                                                      • Instruction Fuzzy Hash: 49E0C9B09E0340EBEF501B74EC0AF063769B701B02F249864B406E1384D7B599A89E54
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,02D834C0), ref: 02D835C0
                                                      • GetProcAddress.KERNEL32(00000000), ref: 02D835C7
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 02D835D2
                                                      • RtlDecodePointer.NTDLL(02D834C0), ref: 02D835ED
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                      • String ID: RoUninitialize$combase.dll
                                                      • API String ID: 3489934621-2819208100
                                                      • Opcode ID: 36c375899fbd52fccaffc5fe2d1ab74938d489b468ef6b576064ffb020ed2160
                                                      • Instruction ID: 37a62cc1281d79cad53d1fd7b096fdd84c5b445bdb73dcce9d8c64928678ceda
                                                      • Opcode Fuzzy Hash: 36c375899fbd52fccaffc5fe2d1ab74938d489b468ef6b576064ffb020ed2160
                                                      • Instruction Fuzzy Hash: B3E092B4DE0304EBFF506B60AD0FB067BA9B701B06F245C94B206E1394DBB59D68DB58
                                                      APIs
                                                      • TlsGetValue.KERNEL32(00000029,64D3178D,?,?,?,?,00000000,02D96AC8,000000FF,02D821DA), ref: 02D81F7A
                                                      • TlsSetValue.KERNEL32(00000029,02D821DA,?,?,00000000), ref: 02D81FE7
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02D82011
                                                      • HeapFree.KERNEL32(00000000), ref: 02D82014
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: HeapValue$FreeProcess
                                                      • String ID:
                                                      • API String ID: 1812714009-0
                                                      APIs
                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 02D957A0
                                                      • __FindPESection.LIBCMT ref: 02D957BA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FindHandlersScopeSectionTableValidate
                                                      • String ID:
                                                      • API String ID: 876702719-0
                                                      APIs
                                                      • GetStringTypeW.KERNEL32(00000001,00408660,00000001,00000000,00000103,00000001,00000000,00406687,00200020,00000000,?,00000000,00000000,00000001), ref: 00406ABD
                                                      • GetStringTypeA.KERNEL32(00000000,00000001,0040865C,00000001,?,?,00000000,00000000,00000001), ref: 00406AD7
                                                      • GetStringTypeA.KERNEL32(00000000,00000000,?,00000000,00200020,00000103,00000001,00000000,00406687,00200020,00000000,?,00000000,00000000,00000001), ref: 00406B0B
                                                      • MultiByteToWideChar.KERNEL32(00406687,00000002,?,00000000,00000000,00000000,00000103,00000001,00000000,00406687,00200020,00000000,?,00000000,00000000,00000001), ref: 00406B43
                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406B99
                                                      • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406BAB
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: StringType$ByteCharMultiWide
                                                      • String ID:
                                                      • API String ID: 3852931651-0
                                                      APIs
                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02D71CB1
                                                      • CloseHandle.KERNEL32(?), ref: 02D71CBA
                                                      • InterlockedExchangeAdd.KERNEL32(02DA727C,00000000), ref: 02D71CC6
                                                      • TerminateThread.KERNEL32(?,00000000), ref: 02D71CD4
                                                      • QueueUserAPC.KERNEL32(02D71E7C,?,00000000), ref: 02D71CE1
                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 02D71CEC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Wait$CloseExchangeHandleInterlockedMultipleObjectObjectsQueueSingleTerminateThreadUser
                                                      • String ID:
                                                      • API String ID: 1946104331-0
                                                      APIs
                                                      • GetVersionExA.KERNEL32 ref: 0040423B
                                                      • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00404270
                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004042D0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentFileModuleNameVariableVersion
                                                      • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                      • API String ID: 1385375860-4131005785
                                                      APIs
                                                      • std::exception::exception.LIBCMT ref: 02D8198F
                                                        • Part of subcall function 02D824E3: std::exception::_Copy_str.LIBCMT ref: 02D824FC
                                                        • Part of subcall function 02D80D60: __CxxThrowException@8.LIBCMT ref: 02D80DBE
                                                      • std::exception::exception.LIBCMT ref: 02D819EE
                                                      Strings
                                                      • $, xrefs: 02D819F3
                                                      • boost unique_lock owns already the mutex, xrefs: 02D819DD
                                                      • boost unique_lock has no mutex, xrefs: 02D8197E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: std::exception::exception$Copy_strException@8Throwstd::exception::_
                                                      • String ID: $$boost unique_lock has no mutex$boost unique_lock owns already the mutex
                                                      • API String ID: 2140441600-46888669
                                                      APIs
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D72350
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D72360
                                                      • PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D72370
                                                      • GetLastError.KERNEL32 ref: 02D7237A
                                                        • Part of subcall function 02D71712: __EH_prolog.LIBCMT ref: 02D71717
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExchangeInterlocked$CompletionErrorH_prologLastPostQueuedStatus
                                                      • String ID: pqcs
                                                      • API String ID: 1619523792-2559862021
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D74035
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 02D74042
                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 02D74049
                                                      • std::exception::exception.LIBCMT ref: 02D74063
                                                        • Part of subcall function 02D7A6D5: __EH_prolog.LIBCMT ref: 02D7A6DA
                                                        • Part of subcall function 02D7A6D5: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02D7A6E9
                                                        • Part of subcall function 02D7A6D5: __CxxThrowException@8.LIBCMT ref: 02D7A708
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prologHeap$AllocateConcurrency::cancellation_token::_Exception@8FromImplProcessThrowstd::exception::exception
                                                      • String ID: bad allocation
                                                      • API String ID: 3112922283-2104205924
                                                      APIs
                                                      • GetStartupInfoA.KERNEL32(?), ref: 0040409D
                                                      • GetFileType.KERNEL32(00000800), ref: 00404143
                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 0040419C
                                                      • GetFileType.KERNEL32(00000000), ref: 004041AA
                                                      • SetHandleCount.KERNEL32 ref: 004041E1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: FileHandleType$CountInfoStartup
                                                      • String ID:
                                                      • API String ID: 1710529072-0
                                                      APIs
                                                        • Part of subcall function 02D81A60: CloseHandle.KERNEL32(00000000,64D3178D), ref: 02D81AB1
                                                        • Part of subcall function 02D81A60: WaitForSingleObject.KERNEL32(?,000000FF,64D3178D,?,?,?,?,64D3178D,02D81A33,64D3178D), ref: 02D81AC8
                                                      • ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02D81D2E
                                                      • ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02D81D4E
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 02D81D87
                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 02D81DDB
                                                      • SetEvent.KERNEL32(?), ref: 02D81DE2
                                                        • Part of subcall function 02D7418C: CloseHandle.KERNEL32(00000000,?,02D81D15), ref: 02D741B0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle$ReleaseSemaphore$EventObjectSingleWait
                                                      • String ID:
                                                      • API String ID: 4166353394-0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7E108
                                                        • Part of subcall function 02D71A01: TlsGetValue.KERNEL32 ref: 02D71A0A
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D7E187
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D7E1A3
                                                      • InterlockedIncrement.KERNEL32(02DA5190), ref: 02D7E1C8
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D7E1DD
                                                        • Part of subcall function 02D727F3: SetWaitableTimer.KERNEL32(00000000,?,000493E0,00000000,00000000,00000000,00000000,00000000,0000000A,00000000), ref: 02D7284E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalInterlockedSection$EnterExchangeH_prologIncrementLeaveTimerValueWaitable
                                                      • String ID:
                                                      • API String ID: 1578506061-0
                                                      APIs
                                                      • _malloc.LIBCMT ref: 02D903C0
                                                        • Part of subcall function 02D82FBC: __FF_MSGBANNER.LIBCMT ref: 02D82FD3
                                                        • Part of subcall function 02D82FBC: __NMSG_WRITE.LIBCMT ref: 02D82FDA
                                                        • Part of subcall function 02D82FBC: RtlAllocateHeap.NTDLL(00830000,00000000,00000001), ref: 02D82FFF
                                                      • _free.LIBCMT ref: 02D903D3
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap_free_malloc
                                                      • String ID:
                                                      • API String ID: 1020059152-0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D721DA
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D721ED
                                                      • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000001), ref: 02D72224
                                                      • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,00000001), ref: 02D72237
                                                      • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02D72261
                                                        • Part of subcall function 02D72341: InterlockedExchange.KERNEL32(?,00000001), ref: 02D72350
                                                        • Part of subcall function 02D72341: InterlockedExchange.KERNEL32(?,00000001), ref: 02D72360
                                                        • Part of subcall function 02D72341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D72370
                                                        • Part of subcall function 02D72341: GetLastError.KERNEL32 ref: 02D7237A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 1856819132-0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7229D
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D722B0
                                                      • TlsGetValue.KERNEL32 ref: 02D722E7
                                                      • TlsSetValue.KERNEL32(?), ref: 02D72300
                                                      • TlsSetValue.KERNEL32(?,?,?), ref: 02D7231C
                                                        • Part of subcall function 02D72341: InterlockedExchange.KERNEL32(?,00000001), ref: 02D72350
                                                        • Part of subcall function 02D72341: InterlockedExchange.KERNEL32(?,00000001), ref: 02D72360
                                                        • Part of subcall function 02D72341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02D72370
                                                        • Part of subcall function 02D72341: GetLastError.KERNEL32 ref: 02D7237A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 1856819132-0
                                                      APIs
                                                        • Part of subcall function 02D7B170: __EH_prolog.LIBCMT ref: 02D7B175
                                                      • __CxxThrowException@8.LIBCMT ref: 02D7BD3A
                                                        • Part of subcall function 02D8456A: RaiseException.KERNEL32(?,?,02D7FB6A,?,?,?,?,?,?,?,02D7FB6A,?,02DA0F98,?), ref: 02D845BF
                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,02DA1DB4,?,00000001), ref: 02D7BD50
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D7BD63
                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000001,00000000,?,?,?,02DA1DB4,?,00000001), ref: 02D7BD73
                                                      • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02D7BD81
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExchangeInterlocked$CompletionExceptionException@8H_prologObjectPostQueuedRaiseSingleStatusThrowWait
                                                      • String ID:
                                                      • API String ID: 2725315915-0
                                                      • Opcode ID: e3feb8e878234802fe795c0a30e2567c825882bbc41faacf82b3c2baf8aa31a9
                                                      • Instruction ID: 7fc4110a149f6d07ab7abd1b90de118e169e14607d9816c3e3fcdafd82c43aca
                                                      • Opcode Fuzzy Hash: e3feb8e878234802fe795c0a30e2567c825882bbc41faacf82b3c2baf8aa31a9
                                                      • Instruction Fuzzy Hash: 9C0186B6A50305AFEB109AF4DC89F8A77BDEB04369F104515F61AD7390D764EC548B20
                                                      APIs
                                                      • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02D72432
                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02D72445
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D72454
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D72469
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D72470
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalExchangeInterlockedSection$CompareCompletionEnterLeavePostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 747265849-0
                                                      • Opcode ID: 6643ec74c7624540fe0e3bd404f682471f25de6210ef7df6435fd2191cd6c3d2
                                                      • Instruction ID: 9dee567c56b0f1cd2f46fba9989055af12997c13d6ea16f22900f2fa003487a6
                                                      • Opcode Fuzzy Hash: 6643ec74c7624540fe0e3bd404f682471f25de6210ef7df6435fd2191cd6c3d2
                                                      • Instruction Fuzzy Hash: E8F030B2650205BBE7009AA1ED4DFD6B73CFB44711F904821F705D6680E775AD31CBA1
                                                      APIs
                                                      • InterlockedIncrement.KERNEL32(?), ref: 02D71ED2
                                                      • PostQueuedCompletionStatus.KERNEL32(?,?,?,00000000,00000000,?), ref: 02D71EEA
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D71EF9
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D71F0E
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D71F15
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalInterlockedSection$CompletionEnterExchangeIncrementLeavePostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 830998967-0
                                                      • Opcode ID: 0fb5b3dd4b0333b0cbf836c9ac48a8e9dda6596327cbf56ea434f75c58b01cdb
                                                      • Instruction ID: a5db159dfaa62ccbdcaf4c27ffd084423efda77b4f251b3c79a0eb74e34cf570
                                                      • Opcode Fuzzy Hash: 0fb5b3dd4b0333b0cbf836c9ac48a8e9dda6596327cbf56ea434f75c58b01cdb
                                                      • Instruction Fuzzy Hash: 66F017B2651605BBEB00AFA1ED88FDABB3DFF04751F100416F60586640D775A935CBA0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: _memmove
                                                      • String ID: invalid string position$string too long
                                                      • API String ID: 4104443479-4289949731
                                                      • Opcode ID: ec10f8da75c30d8caaa81e7a8f43929a59994b90fe581f18fd36575ee45e928d
                                                      • Instruction ID: cc1b3167009fbd99dd833245f07b180c5c90ab29c259ba1a26201eb6e1fb747a
                                                      • Opcode Fuzzy Hash: ec10f8da75c30d8caaa81e7a8f43929a59994b90fe581f18fd36575ee45e928d
                                                      • Instruction Fuzzy Hash: 6241E7317003049FD734DE6DEC88A6AB7AAEF41714B14492DE856C7381E778EC05EBA1
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000), ref: 02D730C3
                                                      • WSAStringToAddressA.WS2_32(?,?,00000000,?,?), ref: 02D73102
                                                      • _memcmp.LIBCMT ref: 02D73141
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AddressErrorLastString_memcmp
                                                      • String ID: 255.255.255.255
                                                      • API String ID: 1618111833-2422070025
                                                      • Opcode ID: 22edaa305dcfba338eb718323942b5c4d2868feedd5a59c6f8445662fe40330d
                                                      • Instruction ID: e4b20f2a48c55bf27d5ba0a343c3148c42d6c560493cec8f2f67d8a9eb75b64b
                                                      • Opcode Fuzzy Hash: 22edaa305dcfba338eb718323942b5c4d2868feedd5a59c6f8445662fe40330d
                                                      • Instruction Fuzzy Hash: 0D31B171A003149FDB20AF74C88076EB7A6EF45325F1085A9EC6997380FB76AD45CF90
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D71F5B
                                                      • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,00000000), ref: 02D71FC5
                                                      • GetLastError.KERNEL32(?,00000000), ref: 02D71FD2
                                                        • Part of subcall function 02D71712: __EH_prolog.LIBCMT ref: 02D71717
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$CompletionCreateErrorLastPort
                                                      • String ID: iocp
                                                      • API String ID: 998023749-976528080
                                                      • Opcode ID: f504a1a8608a7ed788d558e8005774a650e25a9e76f3411afa2d4273f69619db
                                                      • Instruction ID: b4a640493f7047b1f657f35584e9d28ca1ba1a914528b00cc9eb9d4305a923f2
                                                      • Opcode Fuzzy Hash: f504a1a8608a7ed788d558e8005774a650e25a9e76f3411afa2d4273f69619db
                                                      • Instruction Fuzzy Hash: 5421A5B1901B449BCB20DF6AD54455BFBF8FF94710B108A1FE4AA83B90D7B4AA04CF91
                                                      APIs
                                                      • _malloc.LIBCMT ref: 02D83B74
                                                        • Part of subcall function 02D82FBC: __FF_MSGBANNER.LIBCMT ref: 02D82FD3
                                                        • Part of subcall function 02D82FBC: __NMSG_WRITE.LIBCMT ref: 02D82FDA
                                                        • Part of subcall function 02D82FBC: RtlAllocateHeap.NTDLL(00830000,00000000,00000001), ref: 02D82FFF
                                                      • std::exception::exception.LIBCMT ref: 02D83B92
                                                      • __CxxThrowException@8.LIBCMT ref: 02D83BA7
                                                        • Part of subcall function 02D8456A: RaiseException.KERNEL32(?,?,02D7FB6A,?,?,?,?,?,?,?,02D7FB6A,?,02DA0F98,?), ref: 02D845BF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                      • String ID: bad allocation
                                                      • API String ID: 3074076210-2104205924
                                                      • Opcode ID: 0fd43f85ac66a2333b69f929500a3b639340f9d0d9feeaccc655111b668462aa
                                                      • Instruction ID: 15f9806a35f5d38381196c051e0fd08a5684a647b727be155f45b42c998daad6
                                                      • Opcode Fuzzy Hash: 0fd43f85ac66a2333b69f929500a3b639340f9d0d9feeaccc655111b668462aa
                                                      • Instruction Fuzzy Hash: 29E0307494020EAADF10FEA4DC15EAFB7A9EB01711F5045D5AC18A6390EB70EE14DAA1
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D737B6
                                                      • __localtime64.LIBCMT ref: 02D737C1
                                                        • Part of subcall function 02D82610: __gmtime64_s.LIBCMT ref: 02D82623
                                                      • std::exception::exception.LIBCMT ref: 02D737D9
                                                        • Part of subcall function 02D824E3: std::exception::_Copy_str.LIBCMT ref: 02D824FC
                                                        • Part of subcall function 02D7A533: __EH_prolog.LIBCMT ref: 02D7A538
                                                        • Part of subcall function 02D7A533: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02D7A547
                                                        • Part of subcall function 02D7A533: __CxxThrowException@8.LIBCMT ref: 02D7A566
                                                      Strings
                                                      • could not convert calendar time to UTC time, xrefs: 02D737CE
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$Concurrency::cancellation_token::_Copy_strException@8FromImplThrow__gmtime64_s__localtime64std::exception::_std::exception::exception
                                                      • String ID: could not convert calendar time to UTC time
                                                      • API String ID: 1963798777-2088861013
                                                      • Opcode ID: 5221f9574a6bbd25973b89a3af61135d9e1d4a5280eac0f667108ccb6b835fca
                                                      • Instruction ID: 1d7ee595972207c817b223be6c495dcc329ad2957c85e3e3c6335d6f203dadfb
                                                      • Opcode Fuzzy Hash: 5221f9574a6bbd25973b89a3af61135d9e1d4a5280eac0f667108ccb6b835fca
                                                      • Instruction Fuzzy Hash: 54E030B5D0014996CF01FFA4D8047AEB779EB04314F404595E814A2340DB345E168EA0
                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(KERNEL32,004031DA), ref: 004034CF
                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004034DF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AddressHandleModuleProc
                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                      • API String ID: 1646373207-3105848591
                                                      • Opcode ID: 9e3184260247bb682de86deda7832bfa8ed340def0682ebd0b0602d774616e76
                                                      • Instruction ID: 898d93880d4485db41e7873eaf179ed41bca6e5ae6807f0673dee1401ec4111e
                                                      • Opcode Fuzzy Hash: 9e3184260247bb682de86deda7832bfa8ed340def0682ebd0b0602d774616e76
                                                      • Instruction Fuzzy Hash: E7C01260380A0166EAB12FB20F09B2A290C0B00B03F10407EA689F80C0CE7DC600802D
                                                      APIs
                                                      • HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,004043AA), ref: 00404FAD
                                                      • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,004043AA), ref: 00404FD1
                                                      • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,004043AA), ref: 00404FEB
                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,004043AA), ref: 004050AC
                                                      • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,004043AA), ref: 004050C3
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual$FreeHeap
                                                      • String ID:
                                                      • API String ID: 714016831-0
                                                      • Opcode ID: f1e65f67fdbfd5f1cb6a1da9da0650b6d82232d347ff9b2b09204e151c2c29bb
                                                      • Instruction ID: a7f23685012a0bc72c2a0b99c88b2486a7fce89ecdb7f3ca743dcf13c059541f
                                                      • Opcode Fuzzy Hash: f1e65f67fdbfd5f1cb6a1da9da0650b6d82232d347ff9b2b09204e151c2c29bb
                                                      • Instruction Fuzzy Hash: BA31CF70641B029BD3308F24DE45B2BB7A4EB88754F10863AE955B72E1E778A844CF9C
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AdjustPointer_memmove
                                                      • String ID:
                                                      • API String ID: 1721217611-0
                                                      • Opcode ID: d38003311fe0692b3aab4acc4eb8e58bee5e781095523c48337d4720a26c0f0e
                                                      • Instruction ID: 7988f56c2c0b6559643feee88c4582f4506eca46fea700a9718018a8c87a96f7
                                                      • Opcode Fuzzy Hash: d38003311fe0692b3aab4acc4eb8e58bee5e781095523c48337d4720a26c0f0e
                                                      • Instruction Fuzzy Hash: 6A416E75214303DAEF2C7A28E850B7A27F59B05764F1400AFE8499A7A0DB61ED85CA30
                                                      APIs
                                                      • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02D74149), ref: 02D813CF
                                                        • Part of subcall function 02D73FDC: __EH_prolog.LIBCMT ref: 02D73FE1
                                                        • Part of subcall function 02D73FDC: CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 02D73FF3
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D813C4
                                                      • CloseHandle.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,02D74149), ref: 02D81410
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02D74149), ref: 02D814E1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle$Event$CreateH_prolog
                                                      • String ID:
                                                      • API String ID: 2825413587-0
                                                      • Opcode ID: 09a8c317ff7fe68f282d4939eda001726d78500ce08777d1bb87801a84928ef7
                                                      • Instruction ID: 2aea6b0a6f3124c3869197bf0945b7dc8cc0c1ac8108706ad95a57a61225d52e
                                                      • Opcode Fuzzy Hash: 09a8c317ff7fe68f282d4939eda001726d78500ce08777d1bb87801a84928ef7
                                                      • Instruction Fuzzy Hash: 2D516FB16003459BDB11EF28C884B9AB7E5FF49328F194628F8AD97390D735DC0ACB91
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                      • String ID:
                                                      • API String ID: 2782032738-0
                                                      • Opcode ID: 74fd7ae48c8e0e00c31eaba1fa6ec470c5178f0af37b8486f0187a5ad7048a98
                                                      • Instruction ID: a34c178af24a863475602a5d018f3ba5ceec352aa1538fe693f59b849298dae4
                                                      • Opcode Fuzzy Hash: 74fd7ae48c8e0e00c31eaba1fa6ec470c5178f0af37b8486f0187a5ad7048a98
                                                      • Instruction Fuzzy Hash: C241D475B00706AFDB98AEA9C8905AE7BB6EF40B64B1481BDE85DC7380D770DD41CB50
                                                      APIs
                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02D8FF5B
                                                      • __isleadbyte_l.LIBCMT ref: 02D8FF89
                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000108,?,00000000,00000000), ref: 02D8FFB7
                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000108,00000001,00000000,00000000), ref: 02D8FFED
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                      • String ID:
                                                      • API String ID: 3058430110-0
                                                      • Opcode ID: 9b616e30bdb308e7e0bc3255e89a58aa682ef68485ae7be84954d7ef629337b5
                                                      • Instruction ID: bcefd75c79a09659f6563dada9e39fe1f33fde6b962e9ad7afe7ff0754f74dfa
                                                      • Opcode Fuzzy Hash: 9b616e30bdb308e7e0bc3255e89a58aa682ef68485ae7be84954d7ef629337b5
                                                      • Instruction Fuzzy Hash: D631AD31A00256AFDB21AF75C844BAABBBAFF42315F154469F868C76D0E730DC64DB90
                                                      APIs
                                                      • htons.WS2_32(?), ref: 02D73DA2
                                                        • Part of subcall function 02D73BD3: __EH_prolog.LIBCMT ref: 02D73BD8
                                                        • Part of subcall function 02D73BD3: std::bad_exception::bad_exception.LIBCMT ref: 02D73BED
                                                      • htonl.WS2_32(00000000), ref: 02D73DB9
                                                      • htonl.WS2_32(00000000), ref: 02D73DC0
                                                      • htons.WS2_32(?), ref: 02D73DD4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: htonlhtons$H_prologstd::bad_exception::bad_exception
                                                      • String ID:
                                                      • API String ID: 3882411702-0
                                                      • Opcode ID: debcb5528d7156adfe25a6e18bfe71bb3da3596c7cc9708daf8825af7ab82398
                                                      • Instruction ID: a8576385b25a269bd0e933670abf738e3c40ea361828a3b61ba17063e12a4a0d
                                                      • Opcode Fuzzy Hash: debcb5528d7156adfe25a6e18bfe71bb3da3596c7cc9708daf8825af7ab82398
                                                      • Instruction Fuzzy Hash: 80117C76A10209EFDF019F64D885AAAB7B9EF09310F008496FC04DF315E7719E14DBA5
                                                      APIs
                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000), ref: 02D723D0
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D723DE
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D72401
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D72408
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 4018804020-0
                                                      • Opcode ID: 7bdff6fe2efbb5f265f7933b11f80ef9f41b6ec2daee6acfa969f03143ec8ba5
                                                      • Instruction ID: d58eedb6fb77b4f4c95f4d2292dfeb7cacd6d2e6a57f42f45a0220012343a2cb
                                                      • Opcode Fuzzy Hash: 7bdff6fe2efbb5f265f7933b11f80ef9f41b6ec2daee6acfa969f03143ec8ba5
                                                      • Instruction Fuzzy Hash: 5D11E571500305ABEB209F50C948B66BBB9FF40708F1044ADF9019B240E775FD51CBA0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                      • String ID:
                                                      • API String ID: 3016257755-0
                                                      • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                      • Instruction ID: 86bcdbffe38e7defd0410db5f999a6111867f5afed454bab67226ab346f0e019
                                                      • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                      • Instruction Fuzzy Hash: 09014C3209014AFBCF1A6E84DC018EE3F73BB08354F498416FA2859231D336C9B1EBA1
                                                      APIs
                                                      • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02D724A9
                                                      • RtlEnterCriticalSection.NTDLL(?), ref: 02D724B8
                                                      • InterlockedExchange.KERNEL32(?,00000001), ref: 02D724CD
                                                      • RtlLeaveCriticalSection.NTDLL(?), ref: 02D724D4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
                                                      • String ID:
                                                      • API String ID: 4018804020-0
                                                      • Opcode ID: 5f819e1d0530e19d8f1f27f7d6b51a92c8aadc481a4b14a3144bcb7fce282f34
                                                      • Instruction ID: 0e2a61f541b4bc6e2b711eff9a81a84c0cbce045a793b4d99d35b698b3b7c577
                                                      • Opcode Fuzzy Hash: 5f819e1d0530e19d8f1f27f7d6b51a92c8aadc481a4b14a3144bcb7fce282f34
                                                      • Instruction Fuzzy Hash: 42F03172540205AFDB009F55DC44F9ABBBCFF44711F104415FA08CA241D771E960CFA0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D72009
                                                      • RtlDeleteCriticalSection.NTDLL(?), ref: 02D72028
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D72037
                                                      • CloseHandle.KERNEL32(00000000), ref: 02D7204E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CloseHandle$CriticalDeleteH_prologSection
                                                      • String ID:
                                                      • API String ID: 2456309408-0
                                                      • Opcode ID: bf7e04e231e6cb2cbcc7eadd77a80d44a91b0580df390fc7db6da733792d65eb
                                                      • Instruction ID: 13911ee5a8c053ed13ac77fd5f9d489700d110db4dfde00af6f274f9fd7cab37
                                                      • Opcode Fuzzy Hash: bf7e04e231e6cb2cbcc7eadd77a80d44a91b0580df390fc7db6da733792d65eb
                                                      • Instruction Fuzzy Hash: 1801AD715007449BD734AF64E808B9AF7B5FF04308F204A5DF84A82790D7786D58CF60
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Event$H_prologSleep
                                                      • String ID:
                                                      • API String ID: 1765829285-0
                                                      • Opcode ID: 8e9f33f03ca7e2b899db1eb3194dac5e3efceba3288a70c9471a323040354d74
                                                      • Instruction ID: 154ae50bc5c47b82db80d4abdc7d84805576e98a8a432994cc81245b4f375fb2
                                                      • Opcode Fuzzy Hash: 8e9f33f03ca7e2b899db1eb3194dac5e3efceba3288a70c9471a323040354d74
                                                      • Instruction Fuzzy Hash: 2FF03A76A50110EFDB009FA4E8C9B88BBB4FF09311F6081A9FA199B390C7359C54CB65
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog_memmove
                                                      • String ID: &'
                                                      • API String ID: 3529519853-655172784
                                                      • Opcode ID: 743391e0a6c6783a31dd26228d140408817e43a27ed1d0daa9522d5ee3d00705
                                                      • Instruction ID: dc5425a8638c24aed043856519476cecc7189ec515e6b391b09ce8f958f7b9e3
                                                      • Opcode Fuzzy Hash: 743391e0a6c6783a31dd26228d140408817e43a27ed1d0daa9522d5ee3d00705
                                                      • Instruction Fuzzy Hash: C2615E72D00209DBDF21EFA4C951AEDFBB6EF48310F10456AD519AB280E7749E45CF61
                                                      APIs
                                                      • GetCPInfo.KERNEL32(?,00000000), ref: 004063B3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID: $
                                                      • API String ID: 1807457897-3032137957
                                                      • Opcode ID: a7f3197f69078d42aea810566aa5413c4cc4e987de3c304b03698a2edaada33c
                                                      • Instruction ID: 8c55b24d83960f1fa11b83fcbaff02b2a5c71f0a1905284ffb67a28f23df5d26
                                                      • Opcode Fuzzy Hash: a7f3197f69078d42aea810566aa5413c4cc4e987de3c304b03698a2edaada33c
                                                      • Instruction Fuzzy Hash: B1417A31000258AAEB219B18DD89BFB3FE8EB06710F1501F6D646F71D2C33949689F6E
                                                      APIs
                                                      • WSASetLastError.WS2_32(00000000,?,?,?,?,?,?,?,02D783DE,?,?,00000000), ref: 02D796DB
                                                      • getsockname.WS2_32(?,?,?), ref: 02D796F1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorLastgetsockname
                                                      • String ID: &'
                                                      • API String ID: 566540725-655172784
                                                      • Opcode ID: 915776de9bc09422e1590ffb37e9383c477e094cb6df4d6f8d02fbd5610d3962
                                                      • Instruction ID: 309aef184e047b630b99e1a9cac429ca359afe57710aec666713b6809525f9e8
                                                      • Opcode Fuzzy Hash: 915776de9bc09422e1590ffb37e9383c477e094cb6df4d6f8d02fbd5610d3962
                                                      • Instruction Fuzzy Hash: 792181B2A102489FDB10DF68D844ACEB7F5FF48324F10856AE818EB380E734ED458B60
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7CCBF
                                                        • Part of subcall function 02D7D29B: std::exception::exception.LIBCMT ref: 02D7D2CA
                                                        • Part of subcall function 02D7DA51: __EH_prolog.LIBCMT ref: 02D7DA56
                                                        • Part of subcall function 02D83B5C: _malloc.LIBCMT ref: 02D83B74
                                                        • Part of subcall function 02D7D2FA: __EH_prolog.LIBCMT ref: 02D7D2FF
                                                      Strings
                                                      • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 02D7CCF5
                                                      • C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02D7CCFC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$_mallocstd::exception::exception
                                                      • String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                      • API String ID: 1953324306-1943798000
                                                      • Opcode ID: 117a6b0f22ef91054f180d6339ceba83f3a705a24a1bd10d959149d0836e89c0
                                                      • Instruction ID: 782e0057657b3ab318f42bc44d57252e57b2d2fa0c675fd8e28eba28f0fe172a
                                                      • Opcode Fuzzy Hash: 117a6b0f22ef91054f180d6339ceba83f3a705a24a1bd10d959149d0836e89c0
                                                      • Instruction Fuzzy Hash: 0C214B71E00254DEDB14EFA8E554AEEBBB6EF55704F00449EE805A7380EB749E04CB61
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7CDB4
                                                        • Part of subcall function 02D7D372: std::exception::exception.LIBCMT ref: 02D7D39F
                                                        • Part of subcall function 02D7DB88: __EH_prolog.LIBCMT ref: 02D7DB8D
                                                        • Part of subcall function 02D83B5C: _malloc.LIBCMT ref: 02D83B74
                                                        • Part of subcall function 02D7D3CF: __EH_prolog.LIBCMT ref: 02D7D3D4
                                                      Strings
                                                      • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 02D7CDEA
                                                      • C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02D7CDF1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$_mallocstd::exception::exception
                                                      • String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                      • API String ID: 1953324306-412195191
                                                      • Opcode ID: 188c63228d3e1803596a138c2c59103cd43816042d89783fe53b421252ce7627
                                                      • Instruction ID: 6e48f05b21befb64b555e706587e049bfd87450686e9beb52566f1ae3bdb5fd7
                                                      • Opcode Fuzzy Hash: 188c63228d3e1803596a138c2c59103cd43816042d89783fe53b421252ce7627
                                                      • Instruction Fuzzy Hash: 0A216D71E002589BDF14EFE4E554AEEBBB6EF15704F04445DE809A7380EB745E04CBA0
                                                      APIs
                                                      • _malloc.LIBCMT ref: 02D7535D
                                                        • Part of subcall function 02D82FBC: __FF_MSGBANNER.LIBCMT ref: 02D82FD3
                                                        • Part of subcall function 02D82FBC: __NMSG_WRITE.LIBCMT ref: 02D82FDA
                                                        • Part of subcall function 02D82FBC: RtlAllocateHeap.NTDLL(00830000,00000000,00000001), ref: 02D82FFF
                                                      • SHGetSpecialFolderPathA.SHELL32(00000000,00000000,00000023,00000000), ref: 02D7536F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateFolderHeapPathSpecial_malloc
                                                      • String ID: \save.dat
                                                      • API String ID: 4128168839-3580179773
                                                      • Opcode ID: f76aa759a4bc42a6743849e022dfc45fbb1a74088c218f8e95fd3d404caa493b
                                                      • Instruction ID: 9eb6c68665e78c1ebf737c77c10110bab74afe12452138dd97f297636f2e5a38
                                                      • Opcode Fuzzy Hash: f76aa759a4bc42a6743849e022dfc45fbb1a74088c218f8e95fd3d404caa493b
                                                      • Instruction Fuzzy Hash: E8113A729042456BEB259E659C84A6FFF6BDF82A54B5401ADFC886B311E7A20D02C6A0
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7396A
                                                      • std::runtime_error::runtime_error.LIBCPMT ref: 02D739C1
                                                        • Part of subcall function 02D71410: std::exception::exception.LIBCMT ref: 02D71428
                                                        • Part of subcall function 02D7A629: __EH_prolog.LIBCMT ref: 02D7A62E
                                                        • Part of subcall function 02D7A629: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02D7A63D
                                                        • Part of subcall function 02D7A629: __CxxThrowException@8.LIBCMT ref: 02D7A65C
                                                      Strings
                                                      • Day of month is not valid for year, xrefs: 02D739AC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$Concurrency::cancellation_token::_Exception@8FromImplThrowstd::exception::exceptionstd::runtime_error::runtime_error
                                                      • String ID: Day of month is not valid for year
                                                      • API String ID: 1404951899-1521898139
                                                      • Opcode ID: 244ce58f096249cade7e6e388a1c190dc604197d1c2a7f6404423ca8a07fbfb6
                                                      • Instruction ID: 17528707effb1177e155e6fb258af00f57c06a192d3c3295a176c6278d72f4f8
                                                      • Opcode Fuzzy Hash: 244ce58f096249cade7e6e388a1c190dc604197d1c2a7f6404423ca8a07fbfb6
                                                      • Instruction Fuzzy Hash: 09019E36810209EADF01EFA4D801AEEB779FF14B10F50451AF804A7340EB348E55CBA5
                                                      APIs
                                                      • std::exception::exception.LIBCMT ref: 02D7FB22
                                                      • __CxxThrowException@8.LIBCMT ref: 02D7FB37
                                                        • Part of subcall function 02D83B5C: _malloc.LIBCMT ref: 02D83B74
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                      • String ID: bad allocation
                                                      • API String ID: 4063778783-2104205924
                                                      • Opcode ID: cbef7a8beb034b4d175af80ace398275045d9252c231588f2168d9e5e0842d3d
                                                      • Instruction ID: 4bf85d9bd3276df31a52cfc4e73d904c085026220309dbd41cc6ea8218e47b5a
                                                      • Opcode Fuzzy Hash: cbef7a8beb034b4d175af80ace398275045d9252c231588f2168d9e5e0842d3d
                                                      • Instruction Fuzzy Hash: BCF0A7B060030A669F04FAA89C25EAF73EDDB04714F5005AAF815E3380FB70FE04C5A5
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D73C1B
                                                      • std::bad_exception::bad_exception.LIBCMT ref: 02D73C30
                                                        • Part of subcall function 02D824C7: std::exception::exception.LIBCMT ref: 02D824D1
                                                        • Part of subcall function 02D7A662: __EH_prolog.LIBCMT ref: 02D7A667
                                                        • Part of subcall function 02D7A662: __CxxThrowException@8.LIBCMT ref: 02D7A690
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
                                                      • String ID: bad cast
                                                      • API String ID: 1300498068-3145022300
                                                      • Opcode ID: 0afdbf6bca292f170a13670a1f960552ca136c5ce9993225faf27eed339f1180
                                                      • Instruction ID: 7ae6885da6f50390f09056a163a4ca60057692e4fbf08f149fb84b04ee1b3aa7
                                                      • Opcode Fuzzy Hash: 0afdbf6bca292f170a13670a1f960552ca136c5ce9993225faf27eed339f1180
                                                      • Instruction Fuzzy Hash: 3FF0A7329005089BCB09EF58D4409EEB776EF52311F20416EFD0957340DB729D46CAA1
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D738D2
                                                      • std::runtime_error::runtime_error.LIBCPMT ref: 02D738F1
                                                        • Part of subcall function 02D71410: std::exception::exception.LIBCMT ref: 02D71428
                                                        • Part of subcall function 02D78997: _memmove.LIBCMT ref: 02D789B7
                                                      Strings
                                                      • Year is out of valid range: 1400..10000, xrefs: 02D738E0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
                                                      • String ID: Year is out of valid range: 1400..10000
                                                      • API String ID: 3258419250-2344417016
                                                      • Opcode ID: b4f1dc9fae8d7b7ddc461fcffacd2d1937f68d1f6cc44ddf6c125f8878d9ae77
                                                      • Instruction ID: db5e7563859db43502509df537cae19c42645b5c6666c400c6a9fb002fb4322b
                                                      • Opcode Fuzzy Hash: b4f1dc9fae8d7b7ddc461fcffacd2d1937f68d1f6cc44ddf6c125f8878d9ae77
                                                      • Instruction Fuzzy Hash: F2E0D832A001149BDF14FBA4D815BEDB775DB08714F10095AF405B77C0EAB55D04CBA1
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D73886
                                                      • std::runtime_error::runtime_error.LIBCPMT ref: 02D738A5
                                                        • Part of subcall function 02D71410: std::exception::exception.LIBCMT ref: 02D71428
                                                        • Part of subcall function 02D78997: _memmove.LIBCMT ref: 02D789B7
                                                      Strings
                                                      • Day of month value is out of range 1..31, xrefs: 02D73894
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
                                                      • String ID: Day of month value is out of range 1..31
                                                      • API String ID: 3258419250-1361117730
                                                      • Opcode ID: 0298a7346cf49247be7a7fe386a56152e365ef7dd5d5c63d2a803c8d23edd4c7
                                                      • Instruction ID: 62659f8ff019e27cc81f6684fdbdfacdb728f2c73d6740f0c3c6a2aaa41b3307
                                                      • Opcode Fuzzy Hash: 0298a7346cf49247be7a7fe386a56152e365ef7dd5d5c63d2a803c8d23edd4c7
                                                      • Instruction Fuzzy Hash: 83E0D832A0011497DF14BBA8D815BEDB775DB08B14F50055AF805B7780EAB55D04DBA1
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D7391E
                                                      • std::runtime_error::runtime_error.LIBCPMT ref: 02D7393D
                                                        • Part of subcall function 02D71410: std::exception::exception.LIBCMT ref: 02D71428
                                                        • Part of subcall function 02D78997: _memmove.LIBCMT ref: 02D789B7
                                                      Strings
                                                      • Month number is out of range 1..12, xrefs: 02D7392C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
                                                      • String ID: Month number is out of range 1..12
                                                      • API String ID: 3258419250-4198407886
                                                      • Opcode ID: bd3f88b0e129bf80b0feac97c17b72266016a07a98e59373f802648f12d0bc8a
                                                      • Instruction ID: 8ef96610fd933a55bfef593e6aa668b772ad8ee0a23a4567253a95dea128b385
                                                      • Opcode Fuzzy Hash: bd3f88b0e129bf80b0feac97c17b72266016a07a98e59373f802648f12d0bc8a
                                                      • Instruction Fuzzy Hash: 63E0D832E0011897DF14BBA4D815BEEB779DB08714F10065AF805B7780EAB55D04CBA1
                                                      APIs
                                                      • TlsAlloc.KERNEL32 ref: 02D719CC
                                                      • GetLastError.KERNEL32 ref: 02D719D9
                                                        • Part of subcall function 02D71712: __EH_prolog.LIBCMT ref: 02D71717
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AllocErrorH_prologLast
                                                      • String ID: tss
                                                      • API String ID: 249634027-1638339373
                                                      • Opcode ID: c83a846596ef16e5c8efc4873b36e09892a8fbcb0d9d0ee1e9bb48dd5f37b3e8
                                                      • Instruction ID: fb499c7aca52b1fdabd32fc99e99ac84ceee49b73711e76433263247957cd554
                                                      • Opcode Fuzzy Hash: c83a846596ef16e5c8efc4873b36e09892a8fbcb0d9d0ee1e9bb48dd5f37b3e8
                                                      • Instruction Fuzzy Hash: 75E04F719242109B82007A78E80818BBBA89A85235F108766FCBD833D0FB349D108BD2
                                                      APIs
                                                      • __EH_prolog.LIBCMT ref: 02D73BD8
                                                      • std::bad_exception::bad_exception.LIBCMT ref: 02D73BED
                                                        • Part of subcall function 02D824C7: std::exception::exception.LIBCMT ref: 02D824D1
                                                        • Part of subcall function 02D7A662: __EH_prolog.LIBCMT ref: 02D7A667
                                                        • Part of subcall function 02D7A662: __CxxThrowException@8.LIBCMT ref: 02D7A690
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2940637005.0000000002D71000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D71000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_2d71000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
                                                      • String ID: bad cast
                                                      • API String ID: 1300498068-3145022300
                                                      • Opcode ID: d67cc0d159c3b7ed8b880adc63e4623ae00795a63100fa3d7f15f34ee74985a1
                                                      • Instruction ID: bb6ba7bacaedbf44f16f494b184f92d2feb27a21299a33ad6153d8b359f822b0
                                                      • Opcode Fuzzy Hash: d67cc0d159c3b7ed8b880adc63e4623ae00795a63100fa3d7f15f34ee74985a1
                                                      • Instruction Fuzzy Hash: 44E0DF30900108EBCB05EFA8E401BBCB772EF11300F5081ACAC0A13380DB345D06CEA1
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: ExecuteShell
                                                      • String ID: H$Yz
                                                      • API String ID: 587946157-927218460
                                                      • Opcode ID: 8c8c09c7ae23618bca81a173e19171a34d013a3d51dc7de88ee769f57ae997b6
                                                      • Instruction ID: 22e90b30da574f8995697d025d420492e267c75b5d223db5734334627b0cee7a
                                                      • Opcode Fuzzy Hash: 8c8c09c7ae23618bca81a173e19171a34d013a3d51dc7de88ee769f57ae997b6
                                                      • Instruction Fuzzy Hash: 46C08C7A9083264ED34136FC894C4BA20C919DAA44FF61937E812A7100EDBC488F678A
                                                      APIs
                                                      • HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,00404BA8,?,?,?,00000100,?,00000000), ref: 00404E08
                                                      • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,00404BA8,?,?,?,00000100,?,00000000), ref: 00404E3C
                                                      • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,00404BA8,?,?,?,00000100,?,00000000), ref: 00404E56
                                                      • HeapFree.KERNEL32(00000000,?,?,00000000,00404BA8,?,?,?,00000100,?,00000000), ref: 00404E6D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2939456001.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000004.00000002.2939456001.000000000040B000.00000040.00000001.01000000.00000008.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_400000_avidenta.jbxd
                                                      Similarity
                                                      • API ID: AllocHeap$FreeVirtual
                                                      • String ID:
                                                      • API String ID: 3499195154-0
                                                      • Opcode ID: be4d8ca50aa131807ba676d9363997483af1cc6bc0a4ccddff0ceff735b1d4e8
                                                      • Instruction ID: cf6d2bc5938fe3ffcff82bea2d66dbd09d2dd9e75a0d3cf3d0c4fb3d4d9a8dcb
                                                      • Opcode Fuzzy Hash: be4d8ca50aa131807ba676d9363997483af1cc6bc0a4ccddff0ceff735b1d4e8
                                                      • Instruction Fuzzy Hash: 671146B0201302EFC7209F68EE85D227BB5FB84720710863AE291E25E0C7309845CB9C